Jump to content

Maleware removal help


Recommended Posts

Ever since Virtuemonde showed up during a scan my computers been having some issues. My Firefox icon changes at every restart to an icon that looks like an installer package (Firefox still works). Three tries of the GMER Rootkit Scanner and it doesn't complete. The response rate of just about every function of the machine is extremely slow. Often to the point the machine hangs and I have to hold down the power button to restart. Malwarebytes says it removed Virtuemonde but I'm not convinced it's gone so I'm here for some help.

One note the GMER Rootkit scanner never completes (It either locks my machine or restarts my machine with a fatal error) I managed to save a log file about half way through the process that I will post. So this log file is not from a complete scan, just a partial scan.

DeFogger still has my CD Emulation drivers disabled.

Thanks in advance I really appreciate it. Let me know the next steps.

Thanks!

Here is the DDS log

****************************************************

DDS (Ver_10-03-17.01) - NTFSx86

Run by HP_Administrator at 19:00:51.57 on Mon 09/06/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.1702 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\WINDOWS\arservice.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\dvd43\dvd43_tray.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

svchost.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Documents and Settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Belkin\Switch2\Switch2.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\BitTorrent\BitTorrent.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearch Bar = hxxp://www.google.com/ie

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {0483894E-2422-45E0-8384-021AFF1AF3CD} - No File

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hp_administrator\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\switch2.lnk - c:\docume~1\hp_adm~1\applic~1\microsoft\installer\{067b5e9a-a4ba-4bf2-aff2-6d5414b2e88a}\NewShortcut1_067B5E9AA4BA4BF2AFF26D5414B2E88A.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google calendar sync.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\updates from hp.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe

IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download With Album Copier - c:\program files\birosolutions\web album copier\\internetexplorerextensions\albumcopier.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm

IE: Send to &Bluetooth Device... - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm

IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\hp_administrator\start menu\programs\ultimatebet\UltimateBet.lnk

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207469967055

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\zfjyzbxp.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\zfjyzbxp.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll

FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\zfjyzbxp.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\hp_administrator\application data\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\zfjyzbxp.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll

FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPMySrWB.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: capability.policy.policynames - localfilelinks

FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.com http://s2.travian.com http://s3.travian.com http://s4.travian.com http://s5.travian.com http://s6.travian.com http://s7.travian.com http://s8.travian.com http://s9.travian.com http://s10.travian.com http://speed.travian.com http://s1.travian.us http://s2.travian.us http://s3.travian.us http://s4.travian.us http://s5.travian.us http://s6.travian.us http://s7.travian.us http://s8.travian.us http://s9.travian.us http://s10.travian.us http://speed.travian.us http://s1.travian.co.uk http://s2.travian.co.uk http://s3.travian.co.uk http://s4.travian.co.uk http://s5.travian.co.uk http://s6.travian.co.uk http://s7.travian.co.uk http://s8.travian.co.uk http://s9.travian.co.uk http://s10.travian.co.uk http://speed.travian.co.uk

FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-1 64160]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-11 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-11 29584]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-24 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-22 304464]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-8-27 1051968]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-13 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-22 20952]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2010-2-25 10064]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-16 430152]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2008-4-17 31872]

=============== Created Last 30 ================

2010-09-06 23:59:26 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable

2010-09-06 04:10:44 0 d-----w- c:\docume~1\hp_adm~1\applic~1\AVS4YOU

2010-09-06 04:07:51 0 d-----w- c:\program files\common files\AVSMedia

2010-09-06 04:07:47 24576 ----a-w- c:\windows\system32\msxml3a.dll

2010-09-06 04:07:47 0 d-----w- c:\program files\AVS4YOU

2010-09-06 04:07:47 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU

2010-09-06 00:43:01 0 d-----w- c:\program files\DX-Ball

2010-09-05 23:07:36 0 d-----w- c:\documents and settings\hp_administrator\oldstuff

2010-09-05 20:37:48 0 d-----w- c:\program files\Nero

2010-09-03 21:44:26 0 d-----w- c:\program files\mp3val-0.1.8

2010-09-03 04:00:39 30528 ----a-w- c:\windows\system32\TURegOpt.exe

2010-09-03 04:00:37 30016 ----a-w- c:\windows\system32\uxtuneup.dll

2010-09-03 04:00:26 0 d-----w- c:\docume~1\hp_adm~1\applic~1\TuneUp Software

2010-09-03 04:00:09 0 d-----w- c:\program files\TuneUp Utilities 2010

2010-09-03 03:59:58 0 d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software

2010-09-03 03:59:45 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-09-03 03:35:50 0 d-----w- C:\GroundsKeeper Pro v6.3.1

2010-09-01 03:46:13 0 d-----w- c:\program files\VideoLAN

2010-08-30 03:30:16 0 d-----w- c:\program files\BitTorrent

2010-08-30 03:29:38 0 d-----w- c:\docume~1\hp_adm~1\applic~1\BitTorrent

2010-08-20 23:43:32 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Philipp Winterberg

2010-08-20 23:43:28 0 d-----w- c:\program files\Free RAR Extract Frog

2010-08-20 23:31:58 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Scooter Software

2010-08-20 23:12:15 0 d-----w- c:\program files\meta-iPod, the iTunes Cleaner

2010-08-20 22:44:08 0 d-----w- c:\docume~1\hp_adm~1\applic~1\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1

2010-08-16 19:47:59 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2010-08-15 18:11:20 0 d-----w- c:\program files\Speccy

2010-08-12 21:37:16 3243 ----a-w- c:\windows\system32\wbem\Outlook_01cb3a6688e7d565.mof

2010-08-10 21:58:13 0 d-----w- c:\program files\Evernote

2010-08-10 10:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-08-10 10:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

2010-07-15 14:37:28 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 14:37:26 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 14:37:21 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-06-24 22:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll

2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll

2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll

2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll

2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll

2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll

2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll

2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2010-06-24 12:21:58 1986560 ----a-w- c:\windows\system32\dllcache\iertutil.dll

2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll

2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys

2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-06-22 09:36:29 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys

2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2010-06-18 11:39:18 16896 ------w- c:\windows\system32\dllcache\iecompat.dll

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2008-05-17 04:21:52 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051620080517\index.dat

2008-05-27 06:44:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052720080528\index.dat

============= FINISH: 19:01:53.34 ===============

Here is the last Malewarebytes log ran today:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4556

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

9/6/2010 5:45:27 PM

mbam-log-2010-09-06 (17-45-27).txt

Scan type: Quick scan

Objects scanned: 1

Time elapsed: 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Attach.zip

Link to post
Share on other sites

:blink:

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

We've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

As for the question how about the computer is behaving now.

Things seem to be slightly faster in response time, but my Firefox icon continues to look like an installer package icon (Firefox still works) During the scans and such that you had me run the icon changed back to the Firefox Icon but after the restart it moved back to the Installer icon.

I will use the computer a bit this evening and see if I can determine any other issues.

Once again thanks for your time, and I'm all ears on the next steps.

Below is the Combofix Log

ComboFix 10-09-07.01 - HP_Administrator 09/07/2010 21:29:35.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.1863 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\HP_Administrator\Local Settings\temp\IadHide5.dll

c:\windows\system32\advapi32(2).dll

c:\windows\system32\SET6B2.tmp

c:\windows\system32\Thumbs.db

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_USNJSVC

-------\Service_usnjsvc

((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))

.

2010-09-06 04:10 . 2010-09-06 04:10 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVS4YOU

2010-09-06 04:07 . 2010-09-06 04:08 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-09-06 04:07 . 2010-09-06 04:11 -------- d-----w- c:\program files\AVS4YOU

2010-09-06 04:07 . 2010-09-06 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2010-09-06 04:07 . 2008-08-13 16:22 24576 ----a-w- c:\windows\system32\msxml3a.dll

2010-09-06 00:43 . 2010-09-06 00:43 -------- d-----w- c:\program files\DX-Ball

2010-09-05 23:07 . 2010-09-05 23:07 -------- d-----w- c:\documents and settings\HP_Administrator\oldstuff

2010-09-05 20:39 . 2010-09-05 20:49 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ahead

2010-09-05 20:37 . 2010-09-05 20:41 -------- d-----w- c:\program files\Common Files\Ahead

2010-09-05 20:37 . 2010-09-05 20:37 -------- d-----w- c:\program files\Nero

2010-09-03 21:44 . 2010-09-03 21:47 -------- d-----w- c:\program files\mp3val-0.1.8

2010-09-03 19:07 . 2010-09-03 19:07 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe

2010-09-03 04:00 . 2010-08-27 20:02 30528 ----a-w- c:\windows\system32\TURegOpt.exe

2010-09-03 04:00 . 2010-08-27 19:56 30016 ----a-w- c:\windows\system32\uxtuneup.dll

2010-09-03 04:00 . 2010-09-03 04:00 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\TuneUp Software

2010-09-03 04:00 . 2010-09-03 04:01 -------- d-----w- c:\program files\TuneUp Utilities 2010

2010-09-03 03:59 . 2010-09-03 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2010-09-03 03:59 . 2010-09-03 03:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-09-03 03:35 . 2010-09-03 03:37 -------- d-----w- C:\GroundsKeeper Pro v6.3.1

2010-09-03 03:34 . 2010-09-03 03:34 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations

2010-09-01 03:47 . 2010-09-03 20:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc

2010-09-01 03:46 . 2010-09-01 03:46 -------- d-----w- c:\program files\VideoLAN

2010-08-30 03:30 . 2010-08-30 03:30 -------- d-----w- c:\program files\BitTorrent

2010-08-30 03:29 . 2010-09-08 01:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent

2010-08-20 23:43 . 2010-08-20 23:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Philipp Winterberg

2010-08-20 23:43 . 2010-08-20 23:43 -------- d-----w- c:\program files\Free RAR Extract Frog

2010-08-20 23:31 . 2010-08-20 23:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Scooter Software

2010-08-20 23:17 . 2010-08-20 23:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\myPod_Apps,_LLC

2010-08-20 23:12 . 2010-08-20 23:18 -------- d-----w- c:\program files\meta-iPod, the iTunes Cleaner

2010-08-20 22:44 . 2010-08-20 22:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1

2010-08-20 22:44 . 2010-08-20 22:43 53632 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-08-20 22:43 . 2010-08-20 22:43 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-08-17 02:51 . 2010-04-19 15:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

2010-08-16 22:21 . 2010-08-16 22:21 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AVG Security Toolbar

2010-08-16 19:47 . 2010-08-17 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-08-15 18:11 . 2010-08-15 18:11 -------- d-----w- c:\program files\Speccy

2010-08-13 02:06 . 2010-08-12 06:52 85464 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zfjyzbxp.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll

2010-08-13 02:06 . 2010-08-12 06:52 38872 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zfjyzbxp.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll

2010-08-12 09:33 . 2010-08-20 23:58 185984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-08-10 21:58 . 2010-08-10 21:58 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Evernote

2010-08-10 21:58 . 2010-08-10 21:58 -------- d-----w- c:\program files\Evernote

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-08 02:41 . 2006-11-27 17:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WeatherBug

2010-09-08 02:39 . 2009-10-05 18:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Dropbox

2010-09-08 02:36 . 2006-11-27 00:07 12 ----a-w- c:\windows\bthservsdp.dat

2010-09-07 19:04 . 2010-07-28 21:46 0 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\prvlcl.dat

2010-09-05 20:37 . 2008-01-29 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2010-09-03 19:12 . 2010-06-18 03:38 -------- d-----w- c:\program files\iTunes

2010-09-03 19:12 . 2006-11-19 15:42 -------- d-----w- c:\program files\iPod

2010-09-03 19:11 . 2009-01-16 15:31 -------- d-----w- c:\program files\Common Files\Apple

2010-09-03 04:42 . 2008-07-14 04:39 -------- d-----w- c:\program files\PokerStars

2010-09-03 04:41 . 2006-08-11 14:37 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-09-03 04:40 . 2007-01-15 22:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\InstallShield

2010-09-03 04:38 . 2009-02-17 02:19 -------- d-----w- c:\program files\LimeWire

2010-09-03 04:37 . 2006-08-11 14:01 -------- d-----w- c:\program files\GemMaster

2010-09-03 04:36 . 2010-06-04 03:07 -------- d-----w- c:\program files\Full Tilt Poker

2010-08-21 03:05 . 2007-07-18 15:14 -------- d-----w- c:\program files\QuickTime

2010-08-20 23:57 . 2010-03-08 18:43 -------- d-----w- c:\program files\TeamViewer

2010-08-20 18:25 . 2007-11-04 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM

2010-08-13 02:59 . 2010-03-23 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-04 08:05 . 2010-08-04 08:05 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d6efbfa-n\msvcp71.dll

2010-08-04 08:05 . 2010-08-04 08:05 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d6efbfa-n\jmc.dll

2010-08-04 08:05 . 2010-08-04 08:05 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d6efbfa-n\msvcr71.dll

2010-08-04 08:05 . 2010-08-04 08:05 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1a013b7b-n\decora-sse.dll

2010-08-04 08:05 . 2010-08-04 08:05 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1a013b7b-n\decora-d3d.dll

2010-08-04 03:11 . 2007-01-19 21:27 -------- d-----w- c:\program files\UltimateBet

2010-07-28 05:46 . 2008-06-23 15:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype

2010-07-28 05:06 . 2008-06-23 15:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM

2010-07-27 01:45 . 2010-07-27 01:45 -------- d-----w- c:\program files\Common Files\Skype

2010-07-27 01:45 . 2008-06-23 15:54 -------- d-----r- c:\program files\Skype

2010-07-27 01:45 . 2008-06-23 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2010-07-22 07:57 . 2009-08-19 22:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate

2010-07-17 05:26 . 2006-08-11 14:06 -------- d-----w- c:\program files\Common Files\Java

2010-07-17 05:26 . 2006-08-11 14:06 -------- d-----w- c:\program files\Java

2010-07-15 14:37 . 2009-03-25 01:26 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 14:37 . 2010-07-15 14:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 14:37 . 2009-01-11 08:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-15 03:31 . 2008-04-22 03:53 -------- d-----w- c:\program files\Picasa2

2010-07-11 02:22 . 2010-07-11 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM

2010-07-11 02:22 . 2010-07-11 02:21 -------- d-----w- c:\program files\AIM

2010-07-11 02:21 . 2010-07-11 02:21 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-07-11 02:21 . 2007-01-12 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2010-06-30 12:31 . 2008-05-17 03:41 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2008-05-17 03:41 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-22 09:36 . 2010-06-04 03:21 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-21 15:27 . 2008-05-17 03:41 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-08-10 04:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-08-10 04:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-10 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]

"nwiz"="nwiz.exe" [2008-12-26 1657376]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-31 202256]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-06-29 827904]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-11 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-11 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

Switch2.lnk - c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{067B5E9A-A4BA-4BF2-AFF2-6D5414B2E88A}\NewShortcut1_067B5E9AA4BA4BF2AFF26D5414B2E88A.exe [2008-11-20 135168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-8-11 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 14:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-10-26 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-09-06 21:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"AlwaysReady Power Message APP"=ARPWRMSG.EXE

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"Reminder"="c:\windows\Creator\Remind_XP.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/1/2009 9:37 PM 64160]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/11/2009 3:17 AM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/24/2009 8:26 PM 243024]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:37 AM 308136]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/22/2010 8:31 PM 304464]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [8/27/2010 2:59 PM 1051968]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/13/2009 6:56 PM 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/22/2010 8:31 PM 20952]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2/25/2010 11:18 AM 10064]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [8/16/2010 2:47 PM 430152]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]

S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [4/17/2008 3:01 PM 31872]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-12-05 18:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:37]

2010-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-09-05 c:\windows\Tasks\Auslogics Console Defragmentation.job

- c:\program files\Auslogics\AusLogics Disk Defrag\cdefrag.exe [2009-01-13 03:35]

2010-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2147614819-192308621-1342240211-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-09-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2147614819-192308621-1342240211-1007.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-09-07 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-12-08 20:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uDefault_Search_URL = hxxp://www.google.com/ie

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download With Album Copier - c:\program files\BiroSolutions\Web Album Copier\\InternetExplorerExtensions\albumcopier.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send to &Bluetooth Device... - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\HP_Administrator\Start Menu\Programs\UltimateBet\UltimateBet.lnk

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zfjyzbxp.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zfjyzbxp.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zfjyzbxp.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zfjyzbxp.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll

FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrWB.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: c:\program files\Picasa2\npPicasa3.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: capability.policy.policynames - localfilelinks

FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.com http://s2.travian.com http://s3.travian.com http://s4.travian.com http://s5.travian.com http://s6.travian.com http://s7.travian.com http://s8.travian.com http://s9.travian.com http://s10.travian.com http://speed.travian.com http://s1.travian.us http://s2.travian.us http://s3.travian.us http://s4.travian.us http://s5.travian.us http://s6.travian.us http://s7.travian.us http://s8.travian.us http://s9.travian.us http://s10.travian.us http://speed.travian.us http://s1.travian.co.uk http://s2.travian.co.uk http://s3.travian.co.uk http://s4.travian.co.uk http://s5.travian.co.uk http://s6.travian.co.uk http://s7.travian.co.uk http://s8.travian.co.uk http://s9.travian.co.uk http://s10.travian.co.uk http://speed.travian.co.uk

FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

Notify-uRlLfFyy - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-07 21:45

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2147614819-192308621-1342240211-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4588)

c:\windows\system32\WININET.dll

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll

c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll

c:\documents and settings\HP_Administrator\Application Data\Dropbox\bin\DropboxExt.13.dll

c:\progra~1\WINDOW~1\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\rundll32.exe

c:\program files\UPHClean\uphclean.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\RTHDCPL.EXE

c:\windows\ehome\mcrdsvc.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Belkin\Switch2\Switch2.exe

c:\windows\system32\wscntfy.exe

c:\windows\eHome\ehmsas.exe

c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

c:\windows\system32\dllhost.exe

c:\windows\system\hpsysdrv.exe

c:\progra~1\AWS\WEATHE~1\Weather.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-09-07 21:47:24 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-08 02:47

Pre-Run: 146,634,539,008 bytes free

Post-Run: 146,515,361,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 8951FF03EF4698A3DA2D6D8916C40B1F

Link to post
Share on other sites

For the Icon issues, these these.

1. Click Start, and then click Control Panel.

2. Double-click Display, click the Desktop tab, and then click Customize Desktop.

3. Select Restore Defaults

1. Click Start, and then click Control Panel.

2. Double-click Display, click the Desktop tab, and then click Customize Desktop.

then click the web tab, then under the web pages to display on your desktop

if it has "security" you uncheck this and delete

Link to post
Share on other sites

Followed the steps to correct the icon but after a reboot the icon reverts back to an installer package icon. Thoughts?

Other then that everything seemed to be okay with my computer while playing around last night.

Should I attempt to run the GMER Rootkit scanner again and see if it fully completes?

Thanks again for your help

Link to post
Share on other sites

Gmer has the following boxes down the right side that can be checked/unchecked.

System

Sections

IAT/EAT

Devices

Modules

Processes

Threads

Libraries

Services

Registry

Files

Then a section with drives to scan

Ads

Leave only the root drive and System checked then scan. If successful, also check Sections and scan.

etc etc

Link to post
Share on other sites

It was an adventure but I did what you listed above (For the most part)

I ran GMER with the system box checked and it completed successfully and gave me this report:

****GMER System Report****

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-08 11:39:21

Windows 5.1.2600 Service Pack 3

Running: psgenoeu.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxldypow.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA11887E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA118C10]

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB411D6D0]

---- EOF - GMER 1.0.15 ----

**********************

I then removed the check box from system and ran the Sections report and after an hour of scanning my computer became unresponsive.

I held down the power button until it shut off, turned it back on ran the system report successfully again (identidical to what's above) and then started the sections report again. After about 6-7 min of scanning the computer restarted in mid scan.

Third time appears to be the charm as the third time the sections report completed and gave me the following

**** GMER Sections report****

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-08 12:27:25

Windows 5.1.2600 Service Pack 3

Running: psgenoeu.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxldypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8AE3360, 0x35363F, 0xE8000020]

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----

******************************

After the sections report I was able to run every report until we reach the file section. The Modules, Process, Threads, Services, Libraries and IAT/EAT all returned a message saying "GMER has not found any System Modifications"

********GMER Devices***************

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-08 12:27:50

Windows 5.1.2600 Service Pack 3

Running: psgenoeu.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxldypow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

*********************************************

************GMER Registry*********************

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-08 12:36:09

Windows 5.1.2600 Service Pack 3

Running: psgenoeu.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxldypow.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a6f8429

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000cbf013800

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a6f8429 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000cbf013800 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

*************************************************

After all of these sections were done I ran the files section with only the C drive selected (the ADS check box was also selected)

After 4 hours of scanning, it was still scanning (The scan started getting progressively slower) I stopped the scan so I can use my computer for a few other things.

After I stopped the scan my computer became unresponsive and I had to restart the machine by holding down the power button.

For what it's worth after 4 hours of scanning GMER had not found anything in the Files scan.

Should I start the files scan again when I go to bed or did the other scans give you the information you needed?

Thanks in advance.

Kris

Link to post
Share on other sites

Run this instead.

Please download MBRCheck.exe to your desktop.

  1. Double click MBRCheck.exe to run it
  2. right click on the top title bar (where program name and path is written)
  3. From the drop down menu chose Edit then Select All
  4. Click the Enter key on the keyboard > this will copy the selected text to the clipboard
  5. In your reply > right click in the reply window and paste the copied text

Link to post
Share on other sites

Here you go....

At the prompt I hit 'N' to exit.

*********************************

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`02c6fe00 (FAT32)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB

76 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Link to post
Share on other sites

Is this a Dell computer?

Please do the following:

  1. Run MBRCheck.exe
  2. Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  3. Please push the 'Y' key and then press Enter
  4. When program ask you Enter your choice: enter (2) and press the Enter key
  5. Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  6. Enter 0 and press the Enter key.
  7. The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  8. The program will prompt for confirmation. Type 'YES' and hit Enter.
  9. Left click on the title bar (where program name and path is written).
  10. From menu chose Edit -> Select All
  11. Hit the Enter key on your keyboard to copy selected text.
  12. Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
  13. Restart your PC.
  14. Post the text in "MBRCheck results.txt" here, please.

Link to post
Share on other sites

Completed as requested.

The log file is below.

I'm all ears... And Thanks again!

*********************************

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`02c6fe00 (FAT32)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB

76 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0

Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel

Please select the MBR code to write to this drive: 1

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes

Successfully wrote new MBR code!

Please reboot your computer to complete the fix.

Done!

Press ENTER to exit...

Link to post
Share on other sites

Okay I guess... Similar to before.

My Firefox icon is still wacky and I haven't tried to run GMER to see if that completes.

(I'll follow the directions above to reset the icons and reboot and see what happens)

After seeing you check the MBR I'm starting to wonder if I did something to cause part of the problem. The secondary drive that shows up on the MBR check (The 76 GB one) was a recent addition to the machine.

It's an old hard drive from a friend of mine from a scrapped computer. I set it up as a slave and installed it. I had some issues getting the computer to recognize it. For some reason when I checked the BIOS after a restart or two it showed the new drive as the primary boot drive instead of the main drive. I corrected this but I'm wondering if the OS that was installed on the new smaller drive created some sort of issue (The smaller drive has since been quick formatted so it should be clean)

I was having some of these issues before hand. But Is it possible I made it worse?

Thoughts?

Link to post
Share on other sites

Re-run MBRCheck again.

When prompted, enter Y

Then enter 1 to dump the MBR to physical disk

Name the dumped file as Dump.dat

Enter -1 to exit

A log file named "dump.dat" will be located in the same folder as MBRCheck was saved, please zip it up and attach in your next reply.

Link to post
Share on other sites

I hit 1 to dump the MBR to physical disk...

Then it asks me to enter the physical disk number to dump... I enter -1 to exit.

No file creates named dump.dat. I even searched the computer for a file name that with no results returned.

The only files that are being created are named similar to this "MBRCheck_09.08.10_21.36.56.txt"

Here's another copy and paste

**************************************

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x000003fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`02c6fe00 (FAT32)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 3FA1BAC1D7FD18071BE2B53E6001CD7DFE278CEB

76 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice: 1

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

Press ENTER to exit...

Link to post
Share on other sites

You can run a GMER scan.

Note:

Gmer has the following boxes down the right side that can be checked/unchecked.

IET/EAT

System

Sections

Devices

Modules

Processes

Threads

Libraries

Services

Registry

Files

Then a section with drives to scan

Ads

Leave only the root drive and System checked then scan. If successful, also check Sections and scan.

etc etc

Link to post
Share on other sites

I tried to run GMER again. There is something about that scanner that my computer really doesn't like.

I only did a partial of the first couple of elements and it took me over 5 minutes just to save the text file. I was then going to restart prior to starting the next portion and my computer locked up.

After the restart I did the second half of the items (outside of the files) and after it completed I tried to restart prior to scanning the files section. It took me about 10 min but the machine start shutting down and froze part way through that process.

Due to the problems with those two items I did not run a scan of the files.

Below are the results of the two scans I was able to save:

Any idea why my machine hates the GMER scanner? As well as my Firefox icon?

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-08 21:56:55

Windows 5.1.2600 Service Pack 3

Running: psgenoeu.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxldypow.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA11887E]

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA118C10]

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB3B206D0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB87E9360, 0x35363F, 0xE8000020]

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-09-08 22:16:48

Windows 5.1.2600 Service Pack 3

Running: psgenoeu.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxldypow.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a6f8429

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000cbf013800

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a6f8429 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000cbf013800 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.