BuffaloMatt Posted October 2, 2010 ID:321850 Share Posted October 2, 2010 I have been having problems with my browser being hijacked to odd search engines or to Stopzilla page. My resident av is AVG but I saw a recommendation for Malwarebytes so I downloaded and ran it with some success. Currently AVG and MBM are showing the system is clean but I still have the problem with Firefox3.6.10 but Google Chrome (I do not know the version or how to find it) seems to work okay.When I first tried to run MBAM nothing happened so I tried renaming the file from mbam to mbam.exe which allowed it to run. I then saw the filename in explorer as mbam.exe.exe . Really.Ran defogger okay.I have run DDS okay but GMER scanning causes the system to re-boot after about half an hour. I would appreciate any assistance that you can offer.Thanks,MattDDS (Ver_10-03-17.01) - NTFSx86 Run by HP_Owner at 20:40:23.67 on 01/10/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1181 [GMT 1:00]============== Running Processes ===============C:\PROGRA~1\AVG\AVG10\avgchsvx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\HP\KBD\KBD.EXEC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exeC:\Program Files\AVG\AVG10\avgtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\OpenOffice.org 3\program\soffice.exesvchost.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AskBarDis\bar\bin\AskService.exeC:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exeC:\Program Files\AVG\AVG10\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\AVG\AVG10\avgnsx.exeC:\Program Files\AVG\AVG10\avgemcx.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXEC:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterc:\windows\system\hpsysdrv.exeC:\PROGRA~1\AVG\AVG10\avgrsx.exeC:\Program Files\AVG\AVG10\avgcsrvx.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Mozilla Thunderbird\thunderbird.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\AVG\AVG10\avgui.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Documents and Settings\HP_Owner\My Documents\Downloads\dds.com============== Pseudo HJT Report ===============uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PAVILION&pf=desktopuSearch Page = hxxp://www.google.comuDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PAVILION&pf=desktopuDefault_Search_URL = hxxp://www.google.com/ieuSearch Bar = hxxp://www.google.com/iemSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PAVILION&pf=desktopuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dllmURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dllBHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dllBHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dllBHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dllTB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dllTB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz0.dllTB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dlluRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheModemRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exemRun: [Recguard] c:\windows\sminst\RECGUARD.EXEmRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /runmRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logonmRun: [WinampAgent] "c:\program files\winamp\winampa.exe"mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXEmRun: [<NO NAME>] mRun: [KBD] c:\hp\kbd\KBD.EXEmRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetectmRun: [RTHDCPL] RTHDCPL.EXEmRun: [Alcmtr] ALCMTR.EXEmRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osbootmRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exemRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\aquari~1.lnk - c:\program files\aquarius soft\pc alarm clock pro\alarm.exeStartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exeIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.htmlIE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.htmlIE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.htmlIE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.htmlIE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htmIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cabHandler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dllHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dllNotify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll================= FIREFOX ===================FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\5dyjay2d.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.guardian.co.uk/FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=FF - component: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\5dyjay2d.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dllFF - component: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\5dyjay2d.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dllFF - component: c:\program files\avg\avg10\firefox\components\avgssff.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dllFF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dllFF - plugin: c:\program files\common files\motive\npMotive.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dllFF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);============= SERVICES / DRIVERS ===============R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-9-23 464264]R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-9-23 234888]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]S2 gupdate1ca1dc6a0e55196;Google Update Service (gupdate1ca1dc6a0e55196);c:\program files\google\update\GoogleUpdate.exe [2009-8-15 133104]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-9-28 488776]S3 GPU-Z;GPU-Z;\??\c:\docume~1\hp_owner\locals~1\temp\gpu-z.sys --> c:\docume~1\hp_owner\locals~1\temp\GPU-Z.sys [?]=============== Created Last 30 ================2010-10-01 19:35:41 0 ----a-w- c:\documents and settings\hp_owner\defogger_reenable2010-10-01 18:58:49 0 d-----w- c:\program files\Trend Micro2010-09-30 21:46:41 0 d-----w- c:\program files\iPod2010-09-30 18:51:30 0 d-----w- c:\docume~1\hp_owner\applic~1\Malwarebytes2010-09-30 17:54:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-09-30 17:54:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-09-30 17:54:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-09-30 17:54:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-09-30 00:02:36 0 d-----w- c:\docume~1\hp_owner\applic~1\AVG2010-09-29 23:32:03 94 ----a-w- c:\windows\family.ini2010-09-29 11:10:24 42184 ---ha-w- c:\windows\system32\mlfcache.dat2010-09-28 20:05:44 0 d-----w- c:\docume~1\hp_owner\applic~1\AVG102010-09-28 20:04:36 0 d--h--w- c:\docume~1\alluse~1\applic~1\Common Files2010-09-28 20:04:26 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar2010-09-28 20:03:04 0 d-----w- c:\windows\system32\drivers\AVG2010-09-28 20:03:04 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG102010-09-28 19:55:49 0 d-----w- c:\docume~1\alluse~1\applic~1\MFAData2010-09-27 14:58:17 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-09-13 15:27:24 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys2010-09-09 17:36:14 0 d-----w- c:\program files\Winamp Detect2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts2010-09-07 15:22:52 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2010-09-07 15:22:52 107368 ----a-w- c:\windows\system32\GEARAspi.dll2010-09-07 15:21:35 0 d-----w- c:\program files\iTunes2010-09-07 15:21:35 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2010-09-07 15:20:35 0 d-----w- c:\program files\Bonjour2010-09-07 14:27:06 0 d-----w- c:\program files\common files\Motive2010-09-07 14:27:00 0 d-----w- c:\program files\BT Broadband Desktop Help2010-09-07 14:26:25 0 d-----w- c:\program files\BTHomeHub2010-09-07 02:49:00 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys2010-09-07 02:48:54 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys2010-09-07 02:48:50 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys==================== Find3M ====================2010-09-30 11:10:30 327680 ----a-w- c:\windows\system32\wpdsp.dll2010-09-30 11:10:29 331776 ----a-w- c:\windows\system32\wpdmtpdr.dll2010-09-30 11:10:29 221184 ----a-w- c:\windows\system32\wmpns.dll2010-09-30 11:10:28 712704 ----a-w- c:\windows\system32\windowscodecs.dll2010-09-30 11:10:28 344064 ----a-w- c:\windows\system32\WMDRMdev.dll2010-09-30 11:10:28 290816 ----a-w- c:\windows\system32\WMDRMNet.dll2010-09-30 11:10:19 28672 ----a-w- c:\windows\system32\verclsid.exe2010-09-30 11:10:17 77824 ----a-w- c:\windows\system32\UMLoader.dll2010-09-30 11:10:16 442368 ----a-w- c:\windows\system32\sqlsrv32.dll2010-09-30 11:10:16 155648 ----a-w- c:\windows\system32\ssleay32.dll2010-09-30 11:10:00 266240 ----a-w- c:\windows\system32\ShellvRTF64.dll2010-09-30 11:08:59 98304 ----a-w- c:\windows\system32\dllcache\verifier.exe2010-09-30 11:07:52 90112 ----a-w- c:\windows\system32\CNMCP74.exe2010-09-30 11:07:52 90112 ----a-r- c:\windows\system32\cnm41C.tmp2010-09-30 11:07:52 77824 ----a-w- c:\windows\system32\cliconfg.dll2010-09-30 11:07:52 20480 ----a-w- c:\windows\system32\cliconfg.exe2010-09-30 11:07:36 86016 ----a-w- c:\windows\SOUNDMAN.EXE2010-09-30 11:04:39 360448 ----a-w- c:\windows\RtlUpd.exe2010-09-30 11:03:03 2158592 ----a-w- c:\windows\MicCal.exe2010-09-30 10:59:29 12288 ----a-w- c:\windows\fonts\RandFont.dll2010-09-30 10:59:14 12288 ---ha-w- c:\windows\fonts\8514oem.fon2010-09-30 10:59:05 163840 ----a-w- c:\windows\BJPSUNST.EXE2010-09-30 10:57:58 69632 ----a-w- c:\windows\ALCMTR.EXE2010-09-30 10:57:58 2809856 ----a-w- c:\windows\ALCWZRD.EXE2010-08-19 20:42:38 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys2010-08-19 20:42:36 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys2010-08-19 20:42:34 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe2010-07-27 17:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll2010-07-27 17:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll2010-07-27 17:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll2010-07-27 17:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\dllcache\rpcrt4.dll2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll2007-11-10 12:16:36 32 --sha-w- c:\windows\sminst\HPCD.SYS============= FINISH: 20:41:39.25 ===============Attach.zip Link to post Share on other sites More sharing options...
Kenny94 Posted October 2, 2010 ID:321852 Share Posted October 2, 2010 Hi Matt and Welcome to Malwarebytes Forum!Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.Click the Report button and copy/paste the contents of it into your next replyNote:It will also create a log in the C:\ directory. Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 2, 2010 Author ID:321855 Share Posted October 2, 2010 Hi Matt and Welcome to Malwarebytes Forum!Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.Click the Report button and copy/paste the contents of it into your next replyNote:It will also create a log in the C:\ directory.Hi Kenny,Thanks for your assistance.Below is the report:2010/10/02 15:16:41.0000 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:542010/10/02 15:16:41.0000 ================================================================================2010/10/02 15:16:41.0000 SystemInfo:2010/10/02 15:16:41.0000 2010/10/02 15:16:41.0000 OS Version: 5.1.2600 ServicePack: 3.02010/10/02 15:16:41.0000 Product type: Workstation2010/10/02 15:16:41.0000 ComputerName: YOUR-C94F920E242010/10/02 15:16:41.0000 UserName: HP_Owner2010/10/02 15:16:41.0000 Windows directory: C:\WINDOWS2010/10/02 15:16:41.0000 System windows directory: C:\WINDOWS2010/10/02 15:16:41.0000 Processor architecture: Intel x862010/10/02 15:16:41.0000 Number of processors: 22010/10/02 15:16:41.0000 Page size: 0x10002010/10/02 15:16:41.0000 Boot type: Normal boot2010/10/02 15:16:41.0000 ================================================================================2010/10/02 15:16:41.0234 Initialize successI tried Firefox doing a Google search for AVG. It takes me to the correct page for a moment then the screen goes blank and a message at the bottom says "Transferring data from google-analytics.com"Regards Link to post Share on other sites More sharing options...
Kenny94 Posted October 2, 2010 ID:321857 Share Posted October 2, 2010 I tried Firefox doing a Google search for AVG. It takes me to the correct page for a moment then the screen goes blank and a message at the bottom says "Transferring data from google-analytics.com"I see. Thank you. Download ComboFix from below:Combofix download* IMPORTANT !!! Place combofix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on combofix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:The Recovery Console was successfully installed.Click on Yes, to continue scanning for malware.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.--------------------------------------------------------------------------------------------- Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 2, 2010 Author ID:321873 Share Posted October 2, 2010 I see. Thank you. Download ComboFix from below:Combofix download* IMPORTANT !!! Place combofix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on combofix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:The Recovery Console was successfully installed.Click on Yes, to continue scanning for malware.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.---------------------------------------------------------------------------------------------Hi Kenny,Combofix report below:ComboFix 10-10-01.06 - HP_Owner 02/10/2010 15:56:07.1.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1355 [GMT 1:00]Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\HP_Owner\GoToAssistDownloadHelper.exec:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc16C.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc16D.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc16E.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc17.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc178.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc17D.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc17F.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc180.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc18C.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc197.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc198.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc19B.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc19C.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc19D.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc1BC.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc1D0.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc249.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc285.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc287.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc377.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mcc3EE.tmpc:\documents and settings\HP_Owner\Local Settings\Temporary Internet Files\mccB.tmpD:\Autorun.inf.((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 ))))))))))))))))))))))))))))))).2010-10-01 18:58 . 2010-10-01 18:58 388096 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2010-10-01 18:58 . 2010-10-01 18:58 -------- d-----w- c:\program files\Trend Micro2010-10-01 15:10 . 2010-10-01 15:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2010-09-30 21:46 . 2010-09-30 21:46 -------- d-----w- c:\program files\iPod2010-09-30 21:43 . 2010-09-30 21:43 -------- d-----w- c:\program files\QuickTime2010-09-30 21:41 . 2010-09-30 21:41 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe2010-09-30 18:51 . 2010-09-30 18:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes2010-09-30 17:54 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-09-30 17:54 . 2010-10-02 00:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-09-30 17:54 . 2010-09-30 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-09-30 17:54 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-09-30 12:40 . 2010-09-30 12:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2010-09-30 12:38 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe2010-09-30 00:02 . 2010-09-30 09:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AVG2010-09-30 00:01 . 2010-10-02 15:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2010-09-29 23:32 . 2010-09-29 23:32 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\HotSync2010-09-29 11:10 . 2010-09-29 11:10 42184 ---ha-w- c:\windows\system32\mlfcache.dat2010-09-28 20:14 . 2010-09-28 20:14 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\AVG Security Toolbar2010-09-28 20:05 . 2010-09-28 20:05 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AVG102010-09-28 20:04 . 2010-09-28 20:04 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files2010-09-28 20:04 . 2010-09-28 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar2010-09-28 20:03 . 2010-10-02 11:03 -------- d-----w- c:\windows\system32\drivers\AVG2010-09-28 20:03 . 2010-10-01 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG102010-09-28 19:55 . 2010-09-28 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData2010-09-27 14:58 . 2010-09-30 09:58 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7708f173-n\msvcp71.dll2010-09-27 14:58 . 2010-09-30 09:58 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7708f173-n\jmc.dll2010-09-27 14:58 . 2010-09-30 09:58 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7708f173-n\msvcr71.dll2010-09-27 14:58 . 2010-09-30 09:58 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-40b4003e-n\decora-sse.dll2010-09-27 14:58 . 2010-09-27 14:58 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-40b4003e-n\decora-d3d.dll2010-09-27 14:58 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll2010-09-23 08:13 . 2010-09-23 08:13 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe2010-09-23 08:13 . 2010-09-23 08:13 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe2010-09-23 08:13 . 2010-09-23 08:13 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe2010-09-23 08:13 . 2010-09-23 08:13 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll2010-09-23 08:13 . 2010-09-23 08:13 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll2010-09-23 08:13 . 2010-09-23 08:13 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll2010-09-23 08:13 . 2010-09-23 08:13 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll2010-09-23 08:13 . 2010-09-23 08:13 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll2010-09-23 08:13 . 2010-09-23 08:13 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll2010-09-23 08:11 . 2010-09-23 08:11 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll2010-09-17 17:13 . 2010-09-26 14:32 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\vlc2010-09-13 15:27 . 2010-09-13 15:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys2010-09-09 20:35 . 2010-09-09 20:35 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe2010-09-09 18:25 . 2010-09-09 18:30 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\dvdcss2010-09-09 17:36 . 2010-09-09 17:36 -------- d-----w- c:\program files\Winamp Detect2010-09-09 17:35 . 2010-09-09 18:16 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Winamp2010-09-07 15:23 . 2010-09-07 15:23 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe2010-09-07 15:22 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys2010-09-07 15:22 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll2010-09-07 15:21 . 2010-09-30 21:47 -------- d-----w- c:\program files\iTunes2010-09-07 15:21 . 2010-09-07 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2010-09-07 15:21 . 2010-09-07 15:22 -------- dc----w- c:\windows\system32\DRVSTORE2010-09-07 15:20 . 2010-09-07 15:20 -------- d-----w- c:\program files\Bonjour2010-09-07 14:29 . 2010-09-07 14:29 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Motive2010-09-07 14:27 . 2010-09-07 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive2010-09-07 14:27 . 2010-09-07 14:27 -------- d-----w- c:\program files\Common Files\Motive2010-09-07 14:27 . 2010-09-07 14:27 -------- d-----w- c:\program files\BT Broadband Desktop Help2010-09-07 14:26 . 2010-09-07 14:26 -------- d-----w- c:\program files\BTHomeHub2010-09-07 02:49 . 2010-09-07 02:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys2010-09-07 02:48 . 2010-09-07 02:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-10-02 14:12 . 2004-08-04 11:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys2010-10-01 12:14 . 2009-08-27 18:48 1324 ----a-w- c:\windows\system32\d3d9caps.dat2010-09-30 21:46 . 2009-10-22 21:19 -------- d-----w- c:\program files\Common Files\Apple2010-09-30 18:52 . 2009-09-23 00:37 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Azureus2010-09-30 11:10 . 2006-07-05 21:49 28672 ----a-w- c:\windows\web\Wallpaper\welcome\AWhelper.dll2010-09-30 11:10 . 2004-08-11 07:45 327680 ----a-w- c:\windows\system32\wpdsp.dll2010-09-30 11:10 . 2006-07-05 21:18 221184 ----a-w- c:\windows\system32\wmpns.dll2010-09-30 11:10 . 2004-08-11 07:45 331776 ----a-w- c:\windows\system32\wpdmtpdr.dll2010-09-30 11:10 . 2008-04-14 00:12 712704 ----a-w- c:\windows\system32\windowscodecs.dll2010-09-30 11:10 . 2004-08-11 07:45 344064 ----a-w- c:\windows\system32\WMDRMdev.dll2010-09-30 11:10 . 2004-08-11 07:45 290816 ----a-w- c:\windows\system32\WMDRMNet.dll2010-09-30 11:10 . 2008-04-14 00:12 28672 ----a-w- c:\windows\system32\verclsid.exe2010-09-30 11:10 . 2004-09-16 07:00 77824 ----a-w- c:\windows\system32\UMLoader.dll2010-09-30 11:10 . 2010-08-20 13:06 155648 ----a-w- c:\windows\system32\ssleay32.dll2010-09-30 11:10 . 2004-08-04 11:00 442368 ----a-w- c:\windows\system32\sqlsrv32.dll2010-09-30 11:10 . 2006-07-05 21:47 266240 ----a-w- c:\windows\system32\ShellvRTF64.dll2010-09-30 11:08 . 2006-07-05 21:11 532480 ----a-w- c:\windows\system32\cPC_DMIRD.dll2010-09-30 11:08 . 2004-08-04 11:00 28672 ----a-w- c:\windows\system32\dbnmpntw.dll2010-09-30 11:08 . 2004-08-04 11:00 24576 ----a-w- c:\windows\system32\dbmsrpcn.dll2010-09-30 11:07 . 2009-08-04 16:38 90112 ----a-r- c:\windows\system32\cnm41C.tmp2010-09-30 11:07 . 2009-08-04 16:35 90112 ----a-w- c:\windows\system32\CNMCP74.exe2010-09-30 11:07 . 2004-08-04 11:00 77824 ----a-w- c:\windows\system32\cliconfg.dll2010-09-30 11:07 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\cliconfg.exe2010-09-30 11:07 . 2006-07-05 21:21 86016 ----a-w- c:\windows\SOUNDMAN.EXE2010-09-30 11:04 . 2006-07-05 21:21 360448 ----a-w- c:\windows\RtlUpd.exe2010-09-30 11:04 . 2009-08-04 15:00 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe2010-09-30 11:04 . 2009-08-04 15:00 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll2010-09-30 11:04 . 2009-08-04 15:00 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll2010-09-30 11:04 . 2009-08-04 15:00 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll2010-09-30 11:04 . 2009-08-04 15:00 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll2010-09-30 11:04 . 2009-08-04 15:00 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll2010-09-30 11:04 . 2009-08-04 15:00 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll2010-09-30 11:03 . 2006-07-05 21:21 2158592 ----a-w- c:\windows\MicCal.exe2010-09-30 10:59 . 2006-07-05 21:07 49152 ----a-w- c:\windows\help\SBSI\Training\usersid.exe2010-09-30 10:59 . 2006-07-05 21:07 233472 ----a-w- c:\windows\help\SBSI\Training\ounins32_s.exe2010-09-30 10:59 . 2006-02-19 09:28 12288 ----a-w- c:\windows\Fonts\RandFont.dll2010-09-30 10:59 . 2004-08-04 11:00 12288 ---ha-w- c:\windows\Fonts\8514oem.fon2010-09-30 10:59 . 2009-08-04 16:36 163840 ----a-w- c:\windows\BJPSUNST.EXE2010-09-30 10:57 . 2006-07-05 21:21 69632 ----a-w- c:\windows\ALCMTR.EXE2010-09-30 10:57 . 2006-07-05 21:21 2809856 ----a-w- c:\windows\ALCWZRD.EXE2010-09-30 00:00 . 2010-05-14 15:08 -------- d-----w- c:\program files\AVG2010-09-29 23:54 . 2009-09-23 00:37 -------- d-----w- c:\program files\Vuze2010-09-29 23:31 . 2010-08-16 11:45 -------- d-----w- c:\program files\Palm2010-09-29 23:21 . 2009-11-23 12:56 -------- d-----w- c:\program files\Common Files\Adobe2010-09-29 11:10 . 2009-08-28 18:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer2010-09-28 20:13 . 2010-08-12 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype2010-09-28 20:12 . 2010-08-12 11:04 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Skype2010-09-28 20:01 . 2010-08-12 11:10 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\skypePM2010-09-28 19:57 . 2010-05-14 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg92010-09-27 14:59 . 2006-07-05 21:10 -------- d-----w- c:\program files\Common Files\Java2010-09-27 14:57 . 2006-07-05 21:10 -------- d-----w- c:\program files\Java2010-09-27 12:09 . 2006-07-05 21:57 -------- d-----w- c:\program files\Google2010-09-22 14:00 . 2009-08-04 16:18 -------- d-----w- c:\program files\Mozilla Thunderbird2010-09-20 13:02 . 2010-04-09 17:48 -------- d-----w- c:\program files\Vuze_Remote2010-09-19 19:18 . 2010-08-19 15:55 -------- d-----w- c:\program files\Notepad++2010-09-09 20:36 . 2009-10-20 17:12 -------- d-----w- c:\program files\Safari2010-09-09 17:36 . 2009-08-04 17:25 -------- d-----w- c:\program files\Winamp2010-09-07 15:21 . 2009-08-04 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer2010-09-07 14:26 . 2006-07-05 21:43 -------- d--h--w- c:\program files\InstallShield Installation Information2010-09-03 14:09 . 2009-08-05 12:47 1 ----a-w- c:\documents and settings\HP_Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys2010-08-26 19:02 . 2010-08-26 19:02 310208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe2010-08-19 21:49 . 2009-08-04 16:18 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Thunderbird2010-08-19 20:42 . 2010-08-19 20:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys2010-08-19 20:42 . 2010-08-19 20:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys2010-08-19 20:42 . 2010-08-19 20:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys2010-08-19 16:02 . 2010-08-19 15:55 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Notepad++2010-08-18 16:18 . 2010-08-19 07:31 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\5dyjay2d.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll2010-08-18 16:18 . 2010-08-19 07:31 101376 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\5dyjay2d.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll2010-08-17 13:17 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe2010-08-16 11:46 . 2010-08-16 11:46 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Arcsoft2010-08-15 17:08 . 2009-11-26 18:37 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\gtk-2.02010-08-14 15:55 . 2010-08-14 15:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\DGtalize2010-08-12 11:10 . 2010-08-12 11:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat2010-07-27 17:44 . 2010-07-27 17:44 91424 ----a-w- c:\windows\system32\dnssd.dll2010-07-27 17:44 . 2010-07-27 17:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll2010-07-27 17:44 . 2010-07-27 17:44 197920 ----a-w- c:\windows\system32\dnssdX.dll2010-07-27 17:44 . 2010-07-27 17:44 107808 ----a-w- c:\windows\system32\dns-sd.exe2010-07-22 15:49 . 2004-08-04 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll2010-07-22 05:57 . 2009-08-04 15:05 5120 ----a-w- c:\windows\system32\xpsp4res.dll2007-11-10 12:16 . 2009-08-04 22:26 32 --sha-w- c:\windows\SMINST\HPCD.SYS.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-09-20 2735200][HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}][HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2010-08-27 14:25 2565448 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]2010-09-20 13:02 2735200 ----a-w- c:\program files\Vuze_Remote\tbVuz0.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-09-20 2735200]"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448][HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}][HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}][HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}][HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-09-20 2735200][HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}][HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}][HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-04 68856][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ftutil2"="ftutil2.dll" [2010-09-30 106496]"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2010-09-30 49152]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2010-09-30 237568]"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2010-09-30 249856]"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2010-09-30 409600]"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-05-20 188416]"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-09-30 7557120]"nwiz"="nwiz.exe" [2010-09-30 1519616]"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-05 180269]"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]c:\documents and settings\Administrator\Start Menu\Programs\Startup\Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-5 27136]c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk - c:\program files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe [2009-8-4 937984]OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]c:\documents and settings\Default User\Start Menu\Programs\Startup\Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-5 27136][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]2010-09-07 14:26 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\dpnsvr.exe"="c:\\Program Files\\Vuze\\Azureus.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"="c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"="c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"="c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 25680]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 26064]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 249424]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 298448]R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [23/09/2009 01:37 464264]R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [23/09/2009 01:37 234888]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [03/09/2010 10:35 6104144]R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 01:45 265400]R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 123472]R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 30288]R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 26192]S2 gupdate1ca1dc6a0e55196;Google Update Service (gupdate1ca1dc6a0e55196);c:\program files\Google\Update\GoogleUpdate.exe [15/08/2009 17:37 133104]S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [28/09/2010 21:04 488776]S3 GPU-Z;GPU-Z;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\HP_Owner\LOCALS~1\Temp\GPU-Z.sys [?]--- Other Services/Drivers In Memory ---*NewlyCreated* - KLMDB*Deregistered* - klmd25*Deregistered* - klmdb.Contents of the 'Scheduled Tasks' folder2010-09-30 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]2010-10-02 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2010-09-30 12:13]2010-10-02 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-04 16:35]2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-15 16:36]2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-15 16:36]..------- Supplementary Scan -------.uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=63&bd=PAVILION&pf=desktopuDefault_Search_URL = hxxp://www.google.com/iemSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=63&bd=PAVILION&pf=desktopuInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.htmlIE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.htmlIE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.htmlIE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.htmlHandler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dllFF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\5dyjay2d.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.guardian.co.uk/FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\5dyjay2d.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dllFF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\5dyjay2d.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dllFF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dllFF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dllFF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dllFF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dllFF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dllFF - plugin: c:\program files\Common Files\Motive\npMotive.dllFF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dllFF - plugin: c:\program files\Google\Picasa3\npPicasa3.dllFF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dllFF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npBTEmailConfig.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);.- - - - ORPHANS REMOVED - - - -SafeBoot-klmdb.sys**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-10-02 16:06Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(816)c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll.Completion time: 2010-10-02 16:10:15ComboFix-quarantined-files.txt 2010-10-02 15:10Pre-Run: 152,505,171,968 bytes freePost-Run: 153,290,809,344 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect- - End Of File - - F0060E134D1116B07A7BCB5A478828DEDoes this look good?ThanksMatt Link to post Share on other sites More sharing options...
Kenny94 Posted October 2, 2010 ID:321876 Share Posted October 2, 2010 Please give me an update on how the system is running? Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 2, 2010 Author ID:321878 Share Posted October 2, 2010 Please give me an update on how the system is running?Firefox is still misbehaving. Link to post Share on other sites More sharing options...
Kenny94 Posted October 2, 2010 ID:321879 Share Posted October 2, 2010 TFC(Temp File Cleaner):Please download TFC to your desktop, Save any unsaved work. TFC will close all open application windows.Double-click TFC.exe to run the program.If prompted, click "Yes" to reboot.Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.NextPlease download GooredFix from one of the locations below and save it to your DesktopDownload Mirror #1Download Mirror #2Ensure all Firefox windows are closed.To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).When prompted to run the scan, click Yes.GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).Are the redirects still happening now? Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 2, 2010 Author ID:321885 Share Posted October 2, 2010 TFC(Temp File Cleaner):Please download TFC to your desktop, Save any unsaved work. TFC will close all open application windows.Double-click TFC.exe to run the program.If prompted, click "Yes" to reboot.Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.NextPlease download GooredFix from one of the locations below and save it to your DesktopDownload Mirror #1Download Mirror #2Ensure all Firefox windows are closed.To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).When prompted to run the scan, click Yes.GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).Are the redirects still happening now?Firefox seems to be able AVG.com okay now.I did get a message on re-boot saying I have no firewall in operation.GooredFix by jpshortstuff (03.07.10.1)Log created at 16:47 on 02/10/2010 (HP_Owner)Firefox version 3.6.10 (en-GB)========== GooredScan ==================== GooredLog ==========C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:15 04/08/2009]{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [16:59 04/08/2009]{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [14:29 27/08/2009]{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [13:07 04/12/2009]{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [14:58 27/09/2010]C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\5dyjay2d.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [12:49 23/05/2010]{20a82645-c095-46ed-80e3-08825760534b} [10:39 28/04/2010]{ba14329e-9550-4989-b3f2-9732e92d17cc} [07:31 19/08/2010][HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:18 14/11/2009]"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:59 04/08/2009]"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG10\Firefox\" [20:03 28/09/2010]"avg@igeared"="C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared" [20:04 28/09/2010]-=E.O.F=- Link to post Share on other sites More sharing options...
Kenny94 Posted October 2, 2010 ID:321888 Share Posted October 2, 2010 Be sure to check your firewall to be on the safe side.Your Computer is CleanSome final items:Follow these steps to uninstall Combofix and tools used in the removal of malwarePlease press the Windows Key and R on your keyboard. This will bring up the Run... command.Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)Please follow the prompts to uninstall Combofix.You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.Here are some additional links for you to check out to help you with your computer security. BrowsersJust because your computer came loaded with Internet Explorer doesn't mean that you have to use it, there are other free alternatives, FIREFOX and OPERA, both are free to use and are more secure than IE. If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click on Options.Click once on the Security tabClick once on the Internet icon so it becomes highlighted.Click once on the Custom Level button.Change the Download signed ActiveX controls to PromptChange the Download unsigned ActiveX controls to DisableChange the Initialize and script ActiveX controls not marked as safe to DisableChange the Installation of desktop items to PromptChange the Launching programs and files in an IFRAME to PromptChange the Navigate sub-frames across different domains to PromptWhen all these settings have been made, click on the OK buttonIf it prompts you as to whether or not you want to save the settings, press the Yes button.Next press the Apply button and then the OK to exit the Internet Properties page.Additional Security MeasuresVisit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.Secunia software inspector & update checker Visit My Blog for Malware and Spyware Tips Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 2, 2010 Author ID:321889 Share Posted October 2, 2010 Firefox seems to be able AVG.com okay now.I did get a message on re-boot saying I have no firewall in operation.GooredFix by jpshortstuff (03.07.10.1)Log created at 16:47 on 02/10/2010 (HP_Owner)Firefox version 3.6.10 (en-GB)========== GooredScan ==================== GooredLog ==========C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:15 04/08/2009]{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [16:59 04/08/2009]{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [14:29 27/08/2009]{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [13:07 04/12/2009]{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [14:58 27/09/2010]C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\5dyjay2d.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [12:49 23/05/2010]{20a82645-c095-46ed-80e3-08825760534b} [10:39 28/04/2010]{ba14329e-9550-4989-b3f2-9732e92d17cc} [07:31 19/08/2010][HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:18 14/11/2009]"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:59 04/08/2009]"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG10\Firefox\" [20:03 28/09/2010]"avg@igeared"="C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared" [20:04 28/09/2010]-=E.O.F=-Further to my last post, I did a Google search on ntdevice.exe and clicked a reference to Tech Guy Support. I got to the site okay but the browser tab title said - Search Engine redirecting and "ntdevice.exe" error. Hmmm. ntdevice was one of the original symptoms. Link to post Share on other sites More sharing options...
Kenny94 Posted October 2, 2010 ID:321891 Share Posted October 2, 2010 Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online ScannerClick Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save Report As... button. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.**Note**To optimize scanning time and produce a more sensible report for review:Close any open programs.Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 2, 2010 Author ID:321896 Share Posted October 2, 2010 Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online ScannerClick Accept, when prompted to download and install the program files and database of malware definitions. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save Report As... button. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.**Note**To optimize scanning time and produce a more sensible report for review:Close any open programs.Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.Kaspersky says that my computer is not suitable for their software. The help tells me that XP SP 2 is compatible but does not mention SP 3 which I have. Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 2, 2010 Author ID:321897 Share Posted October 2, 2010 Kaspersky says that my computer is not suitable for their software. The help tells me that XP SP 2 is compatible but does not mention SP 3 which I have.OOPS, I should have used IE. Sorry 'bout that. Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 3, 2010 Author ID:322117 Share Posted October 3, 2010 OOPS, I should have used IE. Sorry 'bout that.It took a while but here is the report from Kaspersky:--------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, October 3, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Saturday, October 02, 2010 04:29:38 Records in database: 4274019--------------------------------------------------------------------------------Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yesScan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\Scan statistics: Objects scanned: 98651 Threats found: 3 Infected objects found: 3 Suspicious objects found: 0 Scan duration: 07:02:04File name / Threat / Threats countwinampa.exe\winampa.exe/winampa.exe\winampa.exe Infected: Worm.Win32.Qvod.anx 1C:\Documents and Settings\HP_Owner\My Documents\Downloads\SysAidServerFree.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.n 1C:\Program Files\EasyBits\KidsReady\Setup.exe Infected: Trojan.Win32.KillWin.iy 1Selected area has been scanned. Link to post Share on other sites More sharing options...
Kenny94 Posted October 3, 2010 ID:322391 Share Posted October 3, 2010 You need to reinstall Winamp. Let's remove it.Go to Start > Control Panel > Add/Remove Programs.Please remove these entries from Add/Remove Programs in the Control PanelWinampWinamp Detector Plug-inPlease download the OTM by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)::Processes:Services:Reg:FilesC:\Program Files\Winamp\winampa.exe C:\Documents and Settings\HP_Owner\My Documents\Downloads\SysAidServerFree.exe C:\Program Files\EasyBits\KidsReady\Setup.exe ipconfig /flushdns /c:Commands[purity][resethosts][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot] Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMIf a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 3, 2010 Author ID:322426 Share Posted October 3, 2010 You need to reinstall Winamp. Let's remove it.Go to Start > Control Panel > Add/Remove Programs.Please remove these entries from Add/Remove Programs in the Control PanelWinampWinamp Detector Plug-inPlease download the OTM by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)::Processes:Services:Reg:FilesC:\Program Files\Winamp\winampa.exe C:\Documents and Settings\HP_Owner\My Documents\Downloads\SysAidServerFree.exe C:\Program Files\EasyBits\KidsReady\Setup.exe ipconfig /flushdns /c:Commands[purity][resethosts][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot] Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMIf a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.Here is the OTM report:All processes killed========== PROCESSES ==================== SERVICES/DRIVERS ==================== REGISTRY ==================== FILES ==========File/Folder C:\Program Files\Winamp\winampa.exe not found.C:\Documents and Settings\HP_Owner\My Documents\Downloads\SysAidServerFree.exe moved successfully.C:\Program Files\EasyBits\KidsReady\Setup.exe moved successfully.< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Documents and Settings\HP_Owner\Desktop\cmd.bat deleted successfully.C:\Documents and Settings\HP_Owner\Desktop\cmd.txt deleted successfully.========== COMMANDS ==========C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfully[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: All UsersUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: HP_Owner->Temp folder emptied: 109950809 bytes->Temporary Internet Files folder emptied: 16989713 bytes->Java cache emptied: 128094 bytes->FireFox cache emptied: 29583700 bytes->Google Chrome cache emptied: 65535318 bytes->Apple Safari cache emptied: 0 bytes->Flash cache emptied: 2753 bytesUser: LocalService->Temp folder emptied: 66016 bytes->Temporary Internet Files folder emptied: 33248 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 312 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 212.00 mbRestore point Set: OTM Restore Point (0)OTM by OldTimer - Version 3.1.16.1 log created on 10032010_164450Files moved on Reboot...Registry entries deleted on Reboot...Firefox is still showing the ntdevice error in the tab heading. Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 3, 2010 Author ID:322506 Share Posted October 3, 2010 Here is the OTM report:All processes killed========== PROCESSES ==================== SERVICES/DRIVERS ==================== REGISTRY ==================== FILES ==========File/Folder C:\Program Files\Winamp\winampa.exe not found.C:\Documents and Settings\HP_Owner\My Documents\Downloads\SysAidServerFree.exe moved successfully.C:\Program Files\EasyBits\KidsReady\Setup.exe moved successfully.< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Documents and Settings\HP_Owner\Desktop\cmd.bat deleted successfully.C:\Documents and Settings\HP_Owner\Desktop\cmd.txt deleted successfully.========== COMMANDS ==========C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfullyI have been looking again at the tab heading I mentioned in Firefox: the ntdevice.exe error thing. I afraid I have started you on a wild goose chase. That text is the correct tab heading. It refers to the title of the post I was searching for. I do hope you have not been racking your brains over this. Does this mean my system is now clear after all?[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: All UsersUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: HP_Owner->Temp folder emptied: 109950809 bytes->Temporary Internet Files folder emptied: 16989713 bytes->Java cache emptied: 128094 bytes->FireFox cache emptied: 29583700 bytes->Google Chrome cache emptied: 65535318 bytes->Apple Safari cache emptied: 0 bytes->Flash cache emptied: 2753 bytesUser: LocalService->Temp folder emptied: 66016 bytes->Temporary Internet Files folder emptied: 33248 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 312 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 212.00 mbRestore point Set: OTM Restore Point (0)OTM by OldTimer - Version 3.1.16.1 log created on 10032010_164450Files moved on Reboot...Registry entries deleted on Reboot...Firefox is still showing the ntdevice error in the tab heading. Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 3, 2010 Author ID:322509 Share Posted October 3, 2010 I have been looking again at the tab heading I mentioned in Firefox: the ntdevice.exe error thing. I afraid I have started you on a wild goose chase. That text is the correct tab heading. It refers to the title of the post I was searching for. I do hope you have not been racking your brains over this. Does this mean my system is now clear after all? Link to post Share on other sites More sharing options...
Kenny94 Posted October 3, 2010 ID:322545 Share Posted October 3, 2010 I have been looking again at the tab heading I mentioned in Firefox: the ntdevice.exe error thing. I afraid I have started you on a wild goose chase. That text is the correct tab heading. It refers to the title of the post I was searching for. I do hope you have not been racking your brains over this. Does this mean my system is now clear after all?Yes it is clean.... To remove all of the tools we used and the files and folders they created, please do the following:Please download OTC.exe by OldTimer:Save it to your Desktop.Double click OTC.exe.Click the CleanUp! button.If you are prompted to Reboot during the cleanup, select Yes.The tool will delete itself once it finishes.Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. Link to post Share on other sites More sharing options...
BuffaloMatt Posted October 3, 2010 Author ID:322562 Share Posted October 3, 2010 Yes it is clean.... To remove all of the tools we used and the files and folders they created, please do the following:Please download OTC.exe by OldTimer:Save it to your Desktop.Double click OTC.exe.Click the CleanUp! button.If you are prompted to Reboot during the cleanup, select Yes.The tool will delete itself once it finishes.Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.That looks great now. I have installed NoScript and WOT, as well as ZoneAlarm Firewall. My system is now like Fort Knox.Thank you very much for all your help. I appreciate it.Kind regards,Matt Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 7, 2010 ID:324364 Share Posted October 7, 2010 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts