
Computer Infected with Trojan / Other Malware


  • This topic is locked
18 replies to this topic

#1 DragonXZero

  • Members
  • 13 posts

Posted 09 July 2009 - 08:50 PM

Problems with my computer started a few days ago when I noticed a few suspicious processes running which I ended. I ran several scans using AVG, Ad-Aware, Avira, Spybot Search and Destroy and found and 'removed' them.

"C:\WINDOWS\system32\svchost.exe (2400)";"Trojan horse Generic13.ATPH";""
"C:\WINDOWS\system32\svchost.exe (1604)";"Trojan horse Generic13.ATPH";""
"C:\WINDOWS\system32\svchost.exe (1076)";"Trojan horse Generic13.ATPH";""
"\\?\globalroot\systemroot\system32\UACfflieyyymernheg.dll";"Trojan horse Generic13.ATPH";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACfflieyyymernheg.dll";"Trojan horse Generic13.ATPH";"Moved to Virus Vault"
"\\?\globalroot\systemroot\system32\UACfflieyyymernheg.dll";"Trojan horse Generic13.ATPH";"Moved to Virus Vault"

However, after I restarted my computer, it got as far as the "Windows Is Starting Up" screen before it just showed a blank black screen. I decided to try to run it in Safe Mode but got the same result. I then restarted it a few times before it finally started up, and I ran a few more virus scans. They didn't show anything up, so I tried to download and run Malwarebytes because several other sites recommended it, but the program never installed anything when I ran it. The website also never shows anything up. I also made the mistake of downloading and installing Winifighter because a friend told me to, and now I can't get rid of that either. My search bar for Firefox was also hijacked because whenever someone typed something in, they'd be linked to weird sites. I removed the search bar and set the home page to Google to prevent anyone from using it accidentally.

I usually close the suspicious processes I see on the rare occasions my computer starts up.

jwpen.exe
net.net
setup2.exe (which I assume is Winifighter because it closes once I end it)
mscfg32.exe

*Edit* I forgot to add that sometimes Internet Explorer started up randomly, so I had to end iexplore.exe on several occasions because I started to hear a video about sports running. When I ended it the noise stopped. *Edit*



DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 18:31:29.35 on Thu 07/09/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1265 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uStart Page = about:blank
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {2fee3a60-72cb-4ed7-9136-fe6f975ffce4} - No File
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [setup2.exe] c:\windows\system32\setup2.exe
mRun: [MSConfig] c:\windows\system\msconfig.exe /auto
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: antimalwareguard.com
Trusted Zone: trymedia.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229848843250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: NameServer = 85.255.112.72,85.255.112.151
TCP: {96A068EA-395D-4540-BC61-FF348EC93CA6} = 85.255.112.72,85.255.112.151
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\wezunohi.dll,c:\windows\system32\husepuho.dll
LSA: Notification Packages = scecli c:\windows\system32\wezunohi.dll c:\windows\system32\husepuho.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\n43x4fhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [2009-5-1 10548]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-6 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-1 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-1 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-1 108552]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-11-1 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-1 394952]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-6 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-6 185089]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-1 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-1 298776]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-6 55640]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-16 202352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-16 169584]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\jwpen.exe [2009-5-1 225280]
S2 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe [2009-4-2 167987]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-1 24652]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-16 192112]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-24 1119888]
S3 XDva224;XDva224;\??\c:\windows\system32\xdva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva231;XDva231;\??\c:\windows\system32\xdva231.sys --> c:\windows\system32\XDva231.sys [?]
S3 XDva234;XDva234;\??\c:\windows\system32\xdva234.sys --> c:\windows\system32\XDva234.sys [?]
S3 XDva259;XDva259;\??\c:\windows\system32\xdva259.sys --> c:\windows\system32\XDva259.sys [?]

=============== Created Last 30 ================

2009-07-06 19:24 <DIR> --d----- c:\program files\Avira
2009-07-06 19:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-07-06 17:44 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-06 17:34 <DIR> --d----- c:\program files\IObit
2009-07-06 17:34 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\IObit
2009-06-29 21:25 <DIR> --d----- c:\program files\The Adventure Company
2009-06-29 17:49 <DIR> --d----- c:\program files\EA GAMES

==================== Find3M ====================

2008-03-12 17:42 10,856 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 18:32:21.39 ===============


Any help would be greatly appreciated.



Edited by DragonXZero, 09 July 2009 - 08:57 PM.
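Added triage example, not from the thread or from the DDS tool's authors: a Python pass over an excerpt of the Pseudo HJT report and services lines from the log above, flagging the entries a helper would look at first (resolvers outside an expected set, AppInit_DLLs, extra LSA notification packages, Trusted Zone additions, autoruns and services executing straight out of system32, orphaned BHOs). The resolver allowlist is a constructed assumption; the system32 checks are heuristics, not verdicts.

```python
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, check, offending log line)

# Constructed allowlist: the resolvers this household's router/ISP actually hands out.
EXPECTED_RESOLVERS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

# A bare executable living directly in system32, e.g. c:\windows\system32\setup2.exe
SYSTEM32_EXE = re.compile(r"^c:\\windows\\system32\\[^\\]+\.exe$", re.I)

# Excerpt of the DDS log posted above (defanged hxxp URLs left untouched).
SAMPLE_DDS = r"""
uStart Page = about:blank
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [setup2.exe] c:\windows\system32\setup2.exe
mRun: [MSConfig] c:\windows\system\msconfig.exe /auto
BHO: {2fee3a60-72cb-4ed7-9136-fe6f975ffce4} - No File
Trusted Zone: antimalwareguard.com
Trusted Zone: trymedia.com
TCP: NameServer = 85.255.112.72,85.255.112.151
TCP: {96A068EA-395D-4540-BC61-FF348EC93CA6} = 85.255.112.72,85.255.112.151
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\wezunohi.dll,c:\windows\system32\husepuho.dll
LSA: Notification Packages = scecli c:\windows\system32\wezunohi.dll c:\windows\system32\husepuho.dll
S2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\jwpen.exe [2009-5-1 225280]
S2 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe [2009-4-2 167987]
"""


def _run_target(value: str) -> str:
    """Image path from a Run value: [name] "path" args  or  [name] path args."""
    m = re.match(r'\[[^\]]*\]\s*(?:"([^"]+)"|(\S+))', value)
    if not m:
        return ""
    return (m.group(1) or m.group(2)).lower()


def _service_image(line: str) -> str:
    """Image path from a DDS service line: S2 name;display;c:\\path\\img.exe [date size]."""
    parts = line.split(";", 2)
    if len(parts) < 3:
        return ""
    return parts[2].split(" [", 1)[0].strip().lower()


def triage_dds(text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Resolvers outside the allowlist: a hijacked DNS setting redirects every lookup.
        if line.startswith("TCP:") and "=" in line:
            servers = {s.strip() for s in line.split("=", 1)[1].split(",")}
            rogue = sorted(servers - EXPECTED_RESOLVERS)
            if rogue:
                findings.append(("high", "unexpected DNS resolver(s): " + ", ".join(rogue), line))
        # 2. AppInit_DLLs loads into every user32-linked process; rarely legitimate on a home PC.
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(("high", "AppInit_DLLs populated", line))
        # 3. Notification packages beyond the default scecli see every password change.
        elif line.startswith("LSA: Notification Packages") and "=" in line:
            extra = [p for p in line.split("=", 1)[1].split() if p.lower() != "scecli"]
            if extra:
                findings.append(("high", "extra LSA notification package(s)", line))
        # 4. Trusted Zone additions relax IE's controls for those domains.
        elif line.startswith("Trusted Zone:"):
            findings.append(("medium", "IE Trusted Zone entry", line))
        # 5. Heuristic: autoruns executing a bare .exe directly from system32.
        elif line[:5] in ("uRun:", "mRun:"):
            if SYSTEM32_EXE.match(_run_target(line.split(":", 1)[1].strip())):
                findings.append(("medium", "Run entry executes directly from system32", line))
        # 6. Same heuristic for service images (R0-R3 running, S0-S3 stopped).
        elif re.match(r"^[RS][0-3] ", line):
            if SYSTEM32_EXE.match(_service_image(line)):
                findings.append(("medium", "service image executes directly from system32", line))
        # 7. Orphaned BHO registration: CLSID remains but the DLL is gone; clean-up item.
        elif line.startswith("BHO:") and line.endswith("- No File"):
            findings.append(("low", "orphaned BHO (No File)", line))
    return findings


if __name__ == "__main__":
    for severity, check, line in triage_dds(SAMPLE_DDS):
        print(f"[{severity:6}] {check}\n         {line}")
```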



#2 DragonXZero

  • Topic Starter

  • Members
  • 13 posts

Posted 10 July 2009 - 01:29 AM

I managed to get into safe mode and renamed the Malwarebytes program.
I found uacinit.dll and MSIVXcount in my system32 folder.
Right now I'm on a different computer posting this, just in case.
However, I wasn't able to remove them; the program said it would 'delete on boot', but when I restarted and went back into safe mode to rescan,
it came back up with 3 items: the 2 previously mentioned ones and a registry file,
HKEY_LOCAL_MACHINE\SOFTWARE\UAC
Every time I restart and rescan, I get the same 3 items.

Edited by DragonXZero, 10 July 2009 - 01:41 AM.


#3 fenzodahl512


  • Members
  • 6,738 posts

Posted 10 July 2009 - 03:25 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:



It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 DragonXZero

  • Topic Starter

  • Members
  • 13 posts

Posted 10 July 2009 - 04:20 AM

ComboFix 09-07-09.07 - HP_Administrator 07/10/2009 1:40.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1466 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\inst.exe
c:\windows\10561trojz91.ocx
c:\windows\10758hac9toolz065.exe
c:\windows\1075zvir95679.exe
c:\windows\10851zot-a-virus39d.cpl
c:\windows\10z59troj650.ocx
c:\windows\10z89s5y6719.exe
c:\windows\11151wormz9d.ocx
c:\windows\114459zrm25.bin
c:\windows\12125noz-a9virus432.bin
c:\windows\12353spyz9.bin
c:\windows\123ed9wnloader548z.exe
c:\windows\12539tzal250.dll
c:\windows\12559worm30dz.ocx
c:\windows\1296t9ie51z27.cpl
c:\windows\12978spazb5t2de.bin
c:\windows\13268s9y519z.dll
c:\windows\137035zo95b8.bin
c:\windows\13c5b9czdoor2023.bin
c:\windows\14189spambo578z.dll
c:\windows\142505orm17z9.exe
c:\windows\146z1h9c5tool1d6.ocx
c:\windows\15451spa5zot9dd.ocx
c:\windows\1555595oj5bz.cpl
c:\windows\15623sp5z49.bin
c:\windows\15680not5a-virus5zd9.dll
c:\windows\15919trojz34.ocx
c:\windows\15a3threzt325579.dll
c:\windows\163759ormzf3.dll
c:\windows\16412hackt5zl4449.cpl
c:\windows\1662t9ief5z74.bin
c:\windows\168865ackt9olz69.exe
c:\windows\169505pz922.ocx
c:\windows\16c9ad5ware125z.exe
c:\windows\17267woz5499.ocx
c:\windows\172z05p97cd.bin
c:\windows\1751z9ro579f.dll
c:\windows\17995w5rz7eb.dll
c:\windows\17bbzac5door979.dll
c:\windows\18265hazktool19d.cpl
c:\windows\183z5s59406.dll
c:\windows\18511s5ambot4za9.exe
c:\windows\185fzir9950.bin
c:\windows\185z9spy539.ocx
c:\windows\1897viz1540.bin
c:\windows\18c5dow9loader1z69.bin
c:\windows\1908zpyware1175.dll
c:\windows\19112zroj5359.ocx
c:\windows\19190not-a-5irzs40f.bin
c:\windows\19537not-a-5irzs2f39.ocx
c:\windows\1955zief3194.dll
c:\windows\19576vizu9555.exe
c:\windows\19593not-a-virz5745.dll
c:\windows\19645ha9ktoo5zd3.bin
c:\windows\19764trojz35.bin
c:\windows\198z5ot-a9virus537.cpl
c:\windows\19982not-a-vi9zs1095.bin
c:\windows\1999spa5boz798.dll
c:\windows\19z439pamb5t599.exe
c:\windows\19z79troj59.exe
c:\windows\1a5sparsez966.dll
c:\windows\1c9threatz0335.dll
c:\windows\1cb8zhre9529948.bin
c:\windows\1d52thiefz99.ocx
c:\windows\1z329troj375.dll
c:\windows\1z354hacktool53a9.exe
c:\windows\1z915virus9fa.ocx
c:\windows\1z991vir9s5ed.ocx
c:\windows\201479irus60z5.dll
c:\windows\20158h9ckt5olz7f.bin
c:\windows\204zs5ywa9e1562.dll
c:\windows\206ad9wnloader572z.cpl
c:\windows\2298spywarez552.exe
c:\windows\22ecspz9se2578.cpl
c:\windows\23299not-z-viru54769.cpl
c:\windows\23451s597za.cpl
c:\windows\23559hacztool7f4.bin
c:\windows\23757viruz985.bin
c:\windows\23963haz9too5390.dll
c:\windows\24387tr9jz655.cpl
c:\windows\Installer\5cec7.msi
c:\windows\system32\5604zspambo94cd.dll
c:\windows\system32\drivers\MSIVXirmoeddkleafydlnxeamnpwmxapvakyt.sys
c:\windows\system32\drivers\UACpcferplrdqtvuvf.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXpjyotxgodpebgrucabisacxelvwbeoti.dll
c:\windows\system32\MSIVXyoqdyjbolkmlkhxspxyxdcndicujhjcw.dll
c:\windows\system32\UACbwinqpusntdyykn.dll
c:\windows\system32\UACctjuyjklrpdysum.dat
c:\windows\system32\UACfflieyyymernheg.dll
c:\windows\system32\UAChilwtequnkseeqq.dll
c:\windows\system32\UACikmgygtkpqfarsh.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjbxoghlespquxat.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACwgoiklbohidanrg.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-12-26 13:37 . 2009-12-26 13:37 5597 ----a-w- c:\windows\2fa0zp95are3112.bin
2009-12-25 14:44 . 2009-12-25 14:44 9663 ----a-w- c:\windows\system32\445ez5reat94147.dll
2009-12-24 22:24 . 2009-12-24 22:24 8906 ----a-w- c:\windows\system32\8540zro5299.bin
2009-12-22 16:18 . 2009-12-22 16:18 16707 ----a-w- c:\windows\z385vi91845.bin
2009-12-22 15:40 . 2009-12-22 15:40 7259 ----a-w- c:\windows\system32\295szy50c.dll
2009-12-22 07:53 . 2009-12-22 07:53 2838 ----a-w- c:\windows\7153s5yware27z79.exe
2009-12-17 21:34 . 2009-12-17 21:34 17863 ----a-w- c:\windows\system32\31124t5zj3d19.exe
2009-12-11 14:42 . 2009-12-11 14:42 7764 ----a-w- c:\windows\6c05dzw59oader2308.dll
2009-12-07 22:01 . 2009-12-07 22:01 12965 ----a-w- c:\windows\5057zspyc9.dll
2009-12-07 12:10 . 2009-12-07 12:10 14512 ----a-w- c:\windows\system32\z7554virus139.dll
2009-12-07 11:36 . 2009-12-07 11:36 10787 ----a-w- c:\windows\system32\32993viruz52c.dll
2009-12-05 13:28 . 2009-12-05 13:28 17163 ----a-w- c:\windows\z6057troj659.bin
2009-12-04 04:47 . 2009-12-04 04:47 4867 ----a-w- c:\windows\27834s9a5bot1z1.bin
2009-12-03 00:36 . 2009-12-03 00:36 11774 ----a-w- c:\windows\system32\208759pzmbot76c.bin
2009-12-01 05:42 . 2009-12-01 05:42 15949 ----a-w- c:\windows\25606not-azv5ru9639.bin
2009-11-27 15:35 . 2009-11-27 15:35 16320 ----a-w- c:\windows\41z89hreat21598.exe
2009-11-26 20:08 . 2009-11-26 20:08 8735 ----a-w- c:\windows\system32\9d5addwar5188z.exe
2009-11-25 22:35 . 2009-11-25 22:35 8890 ----a-w- c:\windows\272175ack9ozl185.exe
2009-11-23 10:17 . 2009-11-23 10:17 2877 ----a-w- c:\windows\system32\75z4sp5mb9t244.dll
2009-11-22 08:55 . 2009-11-22 08:55 11284 ----a-w- c:\windows\system32\1579sp5zse2631.bin
2009-11-21 17:16 . 2009-11-21 17:16 8635 ----a-w- c:\windows\system32\4b98downlz5de937.bin
2009-11-20 04:48 . 2009-11-20 04:48 10386 ----a-w- c:\windows\system32\14442not9z5virus4cd.dll
2009-11-20 02:17 . 2009-11-20 02:17 14040 ----a-w- c:\windows\5dc1spyware2z829.dll
2009-11-17 12:34 . 2009-11-17 12:34 11576 ----a-w- c:\windows\990spa5bot18z9.bin
2009-11-14 17:23 . 2009-11-14 17:23 4742 ----a-w- c:\windows\system32\30925hackt95l3dfz.dll
2009-11-14 10:22 . 2009-11-14 10:22 16543 ----a-w- c:\windows\29571spam5oz1f29.exe
2009-11-11 23:35 . 2009-11-11 23:35 13068 ----a-w- c:\windows\system32\20410h5cktzol695.bin
2009-11-10 14:22 . 2009-11-10 14:22 4538 ----a-w- c:\windows\system32\559zs9y355.exe
2009-11-02 02:08 . 2009-11-02 02:08 8415 ----a-w- c:\windows\4335downz9ader2311.exe
2009-10-28 09:54 . 2009-10-28 09:54 14762 ----a-w- c:\windows\579z5py2a29.exe
2009-10-23 23:48 . 2009-10-23 23:48 13986 ----a-w- c:\windows\system32\38zthie59466.exe
2009-10-21 03:43 . 2009-10-21 03:43 12306 ----a-w- c:\windows\25b4a95warz124.bin
2009-10-20 13:41 . 2009-10-20 13:41 14221 ----a-w- c:\windows\system32\9z605irus648.exe
2009-10-18 07:34 . 2009-10-18 07:34 7957 ----a-w- c:\windows\5151woz9760.dll
2009-10-18 04:33 . 2009-10-18 04:33 10774 ----a-w- c:\windows\2a99dowzloader2953.dll
2009-10-17 19:05 . 2009-10-17 19:05 3408 ----a-w- c:\windows\system32\8265trzj295.exe
2009-10-17 17:57 . 2009-10-17 17:57 9464 ----a-w- c:\windows\system32\5559irusz6e5.dll
2009-10-17 00:47 . 2009-10-17 00:47 7778 ----a-w- c:\windows\system32\z81dspa5s92015.dll
2009-10-16 06:20 . 2009-10-16 06:20 16944 ----a-w- c:\windows\system32\15631sp52fz9.bin
2009-10-16 00:47 . 2009-10-16 00:47 12601 ----a-w- c:\windows\system32\zde9spyware995.exe
2009-10-12 13:23 . 2009-10-12 13:23 12679 ----a-w- c:\windows\system32\7229downloa9er5841z.bin
2009-10-04 05:58 . 2009-10-04 05:58 10094 ----a-w- c:\windows\system32\30924spz5ec5.dll
2009-10-02 09:53 . 2009-10-02 09:53 6567 ----a-w- c:\windows\system32\959bbaczdoor5197.bin
2009-10-01 23:37 . 2009-10-01 23:37 17608 ----a-w- c:\windows\system32\5637szeal979.bin
2009-10-01 13:16 . 2009-10-01 13:16 11615 ----a-w- c:\windows\296165acktoolz9.exe
2009-09-27 01:12 . 2009-09-27 01:12 10309 ----a-w- c:\windows\6z59backdoor1355.exe
2009-09-27 00:17 . 2009-09-27 00:17 16281 ----a-w- c:\windows\system32\452s5y911z.exe
2009-09-26 16:11 . 2009-09-26 16:11 7277 ----a-w- c:\windows\5f2v9r784z.bin
2009-09-15 11:24 . 2009-09-15 11:24 9708 ----a-w- c:\windows\system32\5f11zir9955.dll
2009-09-14 15:30 . 2009-09-14 15:30 16237 ----a-w- c:\windows\system32\4d3dbackdo59z660.bin
2009-09-13 18:37 . 2009-09-13 18:37 7593 ----a-w- c:\windows\system32\z81es9eal5465.dll
2009-09-11 15:46 . 2009-09-11 15:46 7452 ----a-w- c:\windows\system32\1089095y5fz.bin
2009-09-09 23:25 . 2009-09-09 23:25 12427 ----a-w- c:\windows\system32\z36595py6aa.exe
2009-09-07 03:18 . 2009-09-07 03:18 9409 ----a-w- c:\windows\314z1tro9451.exe
2009-09-04 22:55 . 2009-09-04 22:55 18382 ----a-w- c:\windows\5z96spam5ot8c.dll
2009-09-02 06:09 . 2009-09-02 06:09 10294 ----a-w- c:\windows\c85spzwa9e67.bin
2009-09-02 05:20 . 2009-09-02 05:20 4882 ----a-w- c:\windows\system32\3z1ddow5loader9313.exe
2009-09-01 17:38 . 2009-09-01 17:38 9061 ----a-w- c:\windows\system32\22094hac5tozl589.dll
2009-08-28 09:48 . 2009-08-28 09:48 8395 ----a-w- c:\windows\8819spa9bot54cz.bin
2009-08-27 16:41 . 2009-08-27 16:41 4735 ----a-w- c:\windows\954s9ar5z285.bin
2009-08-27 08:37 . 2009-08-27 08:37 16799 ----a-w- c:\windows\5172thre9t11953z.exe
2009-08-26 18:02 . 2009-08-26 18:02 9168 ----a-w- c:\windows\zbf9spyware5233.dll
2009-08-26 02:53 . 2009-08-26 02:53 9624 ----a-w- c:\windows\system32\527bdow9loazer2553.bin
2009-08-21 04:31 . 2009-08-21 04:31 3202 ----a-w- c:\windows\system32\5f30azd5ar92124.dll
2009-08-17 06:06 . 2009-08-17 06:06 6862 ----a-w- c:\windows\system32\16195viruz8a.exe
2009-08-15 18:37 . 2009-08-15 18:37 14056 ----a-w- c:\windows\system32\301f9zeal2539.dll
2009-08-15 08:30 . 2009-08-15 08:30 10936 ----a-w- c:\windows\system32\18549t5oj446z.exe
2009-08-10 03:43 . 2009-08-10 03:43 5863 ----a-w- c:\windows\5dcth9eat3082z.dll
2009-08-07 23:29 . 2009-08-07 23:29 5887 ----a-w- c:\windows\system32\1950sparse356z.bin
2009-08-06 10:36 . 2009-08-06 10:36 7186 ----a-w- c:\windows\5d32steal981z.exe
2009-08-05 17:42 . 2009-08-05 17:42 3018 ----a-w- c:\windows\29fzsparse2295.exe
2009-08-04 16:48 . 2009-08-04 16:48 13289 ----a-w- c:\windows\system32\26029hzcktool4e59.exe
2009-08-04 15:33 . 2009-08-04 15:33 17772 ----a-w- c:\windows\7953addware1z98.dll
2009-07-28 03:51 . 2009-07-28 03:51 5113 ----a-w- c:\windows\system32\zbc55tea93260.exe
2009-07-24 03:56 . 2009-07-24 03:56 17637 ----a-w- c:\windows\system32\25955vzrus3c6.dll
2009-07-23 14:54 . 2009-07-23 14:54 16571 ----a-w- c:\windows\41acbaczdoor2495.dll
2009-07-20 23:00 . 2009-07-20 23:00 12355 ----a-w- c:\windows\5e38thze5t69509.exe
2009-07-19 04:00 . 2009-07-19 04:00 8484 ----a-w- c:\windows\system32\4997downloaderz157.dll
2009-07-15 20:04 . 2009-07-15 20:04 4399 ----a-w- c:\windows\system32\94699ha5kzool6f6.dll
2009-07-15 19:28 . 2009-07-15 19:28 3074 ----a-w- c:\windows\system32\z118steal9257.dll
2009-07-13 00:15 . 2009-07-13 00:15 11443 ----a-w- c:\windows\system32\49a5thiefz999.exe
2009-07-11 10:52 . 2009-07-11 10:52 7271 ----a-w- c:\windows\4025hacktoozb59.exe
2009-07-10 07:49 . 2009-07-10 07:49 -------- d-----w- c:\program files\Trend Micro
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 20:12 . 2009-07-09 20:12 4872 ----a-w- c:\windows\system32\558299irzs17d.bin
2009-07-07 08:46 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-07 03:24 . 2009-03-30 18:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-07 03:24 . 2009-03-25 00:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-07 03:24 . 2009-02-13 20:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-07 03:24 . 2009-02-13 20:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-07 03:24 . 2009-07-07 03:24 -------- d-----w- c:\program files\Avira
2009-07-07 03:24 . 2009-07-07 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-07 01:44 . 2009-07-07 01:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 01:44 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\program files\IObit
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit
2009-07-06 14:40 . 2009-07-06 14:40 5758 ----a-w- c:\windows\29511zo5m19.exe
2009-07-06 14:09 . 2009-07-06 14:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-06 08:48 . 2009-07-06 08:48 7919 ----a-w- c:\windows\system32\1e8z59yware263.dll
2009-07-05 23:11 . 2009-06-27 06:49 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 23:11 . 2009-06-27 06:49 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 23:11 . 2009-06-27 06:49 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 23:11 . 2009-06-27 06:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-05 23:11 . 2009-06-27 06:49 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 23:11 . 2009-06-27 06:49 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-05 23:11 . 2009-06-27 06:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-05 23:11 . 2009-06-27 06:49 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-05 23:11 . 2009-06-27 06:49 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-05 23:09 . 2009-06-27 06:05 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-05 23:09 . 2009-06-27 06:05 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-05 07:08 . 2009-07-05 07:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AIM Toolbar
2009-06-30 05:25 . 2009-06-30 05:25 -------- d-----w- c:\program files\The Adventure Company
2009-06-30 01:49 . 2009-06-30 01:49 -------- d-----w- c:\program files\EA GAMES
2009-06-30 01:49 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-28 15:25 . 2009-06-28 15:25 10908 ----a-w- c:\windows\6696zo5m449.dll
2009-06-28 13:38 . 2009-06-28 13:38 10876 ----a-w- c:\windows\77229rzj564.exe
2009-06-28 12:28 . 2009-06-28 12:28 3952 ----a-w- c:\windows\system32\2395z9oj5c.exe
2009-06-26 21:34 . 2009-06-26 21:34 15039 ----a-w- c:\windows\45e75ow9lzader53.bin
2009-06-26 00:17 . 2009-06-26 00:17 9451 ----a-w- c:\windows\system32\31515hacktzol198.bin
2009-06-22 10:49 . 2009-06-22 10:49 14290 ----a-w- c:\windows\system32\13759hac9tzo5251.exe
2009-06-17 19:32 . 2009-06-17 19:32 14362 ----a-w- c:\windows\system32\275f9tealz775.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 10:00 . 2009-04-14 00:14 6 ----a-w- c:\windows\system32\DFI32.dat
2009-07-10 09:57 . 2008-11-01 19:40 571676 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-10 09:57 . 2008-11-01 19:40 50884640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-10 02:11 . 2008-11-12 03:03 -------- d-----w- c:\program files\Steam
2009-07-10 02:09 . 2008-05-12 05:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2009-07-10 02:09 . 2009-01-07 03:34 -------- d-----w- c:\program files\DNA
2009-07-07 09:06 . 2009-03-12 23:25 -------- d-----w- c:\program files\Nexon
2009-07-07 01:44 . 2009-04-13 08:03 -------- d-----w- c:\program files\Lavasoft
2009-07-07 01:44 . 2008-06-30 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-07 01:37 . 2008-12-21 09:29 -------- d-----w- c:\program files\RegistryFix7
2009-07-06 22:16 . 2009-07-07 00:06 2789888 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-06 11:14 . 2007-12-31 09:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-07-05 23:10 . 2008-11-01 19:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 09:36 . 2009-01-07 03:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2009-06-30 05:30 . 2009-06-30 05:32 2970112 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-30 05:30 . 2009-06-30 05:32 1797632 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-27 06:49 . 2008-11-01 19:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 06:49 . 2008-11-01 19:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 01:25 . 2008-01-12 07:34 -------- d-----w- c:\program files\DScaler
2009-06-24 23:39 . 2008-07-19 11:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2009-06-07 08:09 . 2009-06-07 08:09 2890 ----a-w- c:\windows\system32\d76ad9warez4795.dll
2009-06-06 22:02 . 2008-11-01 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-04 05:52 . 2008-01-01 03:07 -------- d-----w- c:\program files\ArtMoney
2009-06-04 01:16 . 2009-06-04 01:16 15162 ----a-w- c:\windows\z9995roj6979.bin
2009-06-03 23:55 . 2009-06-03 23:55 5304 ----a-w- c:\windows\system32\2219wo5z3d39.exe
2009-06-03 02:02 . 2009-06-03 02:02 7162 ----a-w- c:\windows\5zd9spyware969.bin
2009-06-01 00:15 . 2009-01-14 07:15 4920139 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-27 22:30 . 2009-05-27 22:30 18190 ----a-w- c:\windows\9017z5roj2c2.exe
2009-05-26 14:47 . 2009-05-26 03:13 180 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-26 03:13 . 2009-05-26 03:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-05-25 17:09 . 2009-05-25 17:09 13276 ----a-w- c:\windows\system32\4a39sz5rse1836.bin
2009-05-20 23:47 . 2009-05-20 23:47 15843 ----a-w- c:\windows\system32\7422v9zus582.bin
2009-05-20 22:26 . 2009-05-20 22:26 3926 ----a-w- c:\windows\7a75stezl5988.bin
2009-05-19 22:15 . 2009-05-19 22:15 15371 ----a-w- c:\windows\24z4s95al20.exe
2009-05-19 04:35 . 2009-05-19 04:35 16580 ----a-w- c:\windows\system32\195athre9tz080.dll
2009-05-17 19:14 . 2009-05-17 19:14 17079 ----a-w- c:\windows\28252zor9546.exe
2009-05-17 11:10 . 2007-12-01 22:30 -------- d-----w- c:\program files\Warcraft III
2009-05-14 01:48 . 2009-05-14 01:48 14708 ----a-w- c:\windows\system32\3193z9iru5266.exe
2009-05-13 12:41 . 2009-05-13 12:41 8495 ----a-w- c:\windows\833ste5l2997z.dll
2009-05-13 01:40 . 2009-05-13 01:40 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-05-11 00:33 . 2008-11-01 19:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 23:46 . 2009-05-10 23:46 1144808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
2009-05-10 23:39 . 2009-05-10 23:40 124928 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-05-10 02:25 . 2009-05-10 02:26 2866688 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-05-09 18:23 . 2009-05-09 18:23 9841 ----a-w- c:\windows\system32\39c5tzr9at5534.bin
2009-05-08 11:47 . 2009-05-08 11:47 17621 ----a-w- c:\windows\system32\59f8v5rz79.dll
2009-05-07 10:49 . 2009-05-07 10:49 2988 ----a-w- c:\windows\5c5fthrza925117.dll
2009-05-07 10:27 . 2009-05-07 10:27 7191 ----a-w- c:\windows\z48dsp5wa9e2693.dll
2009-05-06 23:25 . 2009-05-06 23:25 6518 ----a-w- c:\windows\system32\9edz5ir461.dll
2009-05-05 06:01 . 2009-05-05 06:01 16823 ----a-w- c:\windows\system32\29zfs5arse977.bin
2009-05-02 01:35 . 2009-05-02 01:35 3116 ----a-w- c:\windows\system32\HWTablet.bin
2009-04-28 17:06 . 2009-04-28 17:06 2809 ----a-w- c:\windows\system32\6c59sza9se2963.exe
2009-04-27 16:23 . 2009-04-27 16:23 15058 ----a-w- c:\windows\4905stea5z599.dll
2009-04-26 18:32 . 2009-04-26 18:32 11151 ----a-w- c:\windows\5b24sz9al1894.exe
2009-04-26 13:02 . 2009-04-26 13:02 10039 ----a-w- c:\windows\4504threatz9763.dll
2009-04-26 01:13 . 2009-04-26 01:13 2862 ----a-w- c:\windows\system32\4898thz5f2750.bin
2009-04-20 08:00 . 2009-04-20 08:00 12719 ----a-w- c:\windows\5985spywzre9458.dll
2009-04-19 22:52 . 2009-04-19 22:52 13970 ----a-w- c:\windows\system32\13917not-5-v9ruz194.dll
2009-04-18 13:53 . 2009-04-18 13:53 17569 ----a-w- c:\windows\system32\4c93thr5az15843.bin
2009-04-15 14:49 . 2009-04-15 14:49 14576 ----a-w- c:\windows\system32\7z71hacktoo95d5.dll
2009-04-15 03:34 . 2009-04-15 03:34 17768 ----a-w- c:\windows\system32\12949zpy55.dll
2009-04-14 23:08 . 2007-12-01 22:34 98938 ----a-w- c:\windows\War3Unin.dat
2009-04-14 15:06 . 2006-08-24 19:49 78232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 08:56 . 2009-04-14 08:57 2860544 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-04-14 07:56 . 2009-04-14 07:56 4096 ----a-w- c:\windows\d3dx.dat
2009-04-13 20:12 . 2009-04-13 20:12 2652 ----a-w- c:\windows\system32\9295roj69z.dll
2009-04-12 03:57 . 2009-04-12 03:51 35762 ----a-w- c:\windows\DIIUnin.dat
2009-04-12 03:56 . 2009-04-12 03:56 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-04-12 03:56 . 2009-04-12 03:56 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-04-12 03:56 . 2009-04-12 03:56 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-04-12 03:51 . 2009-04-12 03:51 2829 ----a-w- c:\windows\DIIUnin.pif
2009-04-12 03:51 . 2009-04-12 03:51 94208 ----a-w- c:\windows\DIIUnin.exe
2009-04-12 03:40 . 2009-03-01 20:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2008-03-13 01:42 . 2008-03-13 01:41 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-24 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-24 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 06:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hanvon Shell.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hanvon Shell.lnk
backup=c:\windows\pss\Hanvon Shell.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usprserv"=3 (0x3)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UMWdf"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"SSDPSRV"=2 (0x2)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NSCService"=3 (0x3)
"npkcmsvc"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MS NetConfig"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MHN"=3 (0x3)
"McrdSvc"=2 (0x2)
"LmHosts"=2 (0x2)
"LightScribeService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"HWSuperPowerTablet"=2 (0x2)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ELService"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"DcomLaunch"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"comHost"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=3 (0x3)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"59059:TCP"= 59059:TCP:Pando Media Booster
"59059:UDP"= 59059:UDP:Pando Media Booster

R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [5/1/2009 5:35 PM 10548]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/1/2008 11:37 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/1/2008 11:37 AM 108552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/6/2009 7:24 PM 108289]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/1/2008 11:37 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/1/2008 11:37 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 951632]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/1/2007 1:56 PM 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 asikneud;asikneud;c:\windows\system32\drivers\vldqju.sys --> c:\windows\system32\drivers\vldqju.sys [?]
S2 cgqobbl;cgqobbl;c:\windows\system32\drivers\pdowooz.sys --> c:\windows\system32\drivers\pdowooz.sys [?]
S2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\jwpen.exe [5/1/2009 5:35 PM 225280]
S2 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe [4/2/2009 1:30 AM 167987]
S2 poei;poei;c:\windows\system32\drivers\xtiwbq.sys --> c:\windows\system32\drivers\xtiwbq.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/9/2009 10:38 PM 38160]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva231;XDva231;\??\c:\windows\system32\XDva231.sys --> c:\windows\system32\XDva231.sys [?]
S3 XDva234;XDva234;\??\c:\windows\system32\XDva234.sys --> c:\windows\system32\XDva234.sys [?]
S3 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - HYCtl
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-07-06 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 12:08]

2009-07-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

2009-07-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2fee3a60-72cb-4ed7-9136-fe6f975ffce4} - (no file)


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\n43x4fhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 02:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1323339851-1466613017-3173419613-1007\Software\SecuROM\License information*]
"datasecu"=hex:32,07,3c,99,f9,4d,43,28,b2,3c,a5,92,82,a1,9a,ad,70,c3,b0,18,cc,
33,37,5e,8e,ef,74,0b,f9,c9,1b,ca,15,5f,1a,98,01,3e,f3,36,37,ee,9b,f3,35,ce,\
"rkeysecu"=hex:c0,12,cd,fc,fe,3c,e5,2c,42,34,f2,67,a9,f1,1c,05
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\msnt.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-07-10 2:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 10:16

Pre-Run: 130,215,747,584 bytes free
Post-Run: 130,084,904,960 bytes free

629




FW: Norton Internet Security 2006
I didn't even know I had this installed.

ComboFix 09-07-09.07 - HP_Administrator 07/10/2009 1:40.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1466 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\inst.exe
c:\windows\10561trojz91.ocx
c:\windows\10758hac9toolz065.exe
c:\windows\1075zvir95679.exe
c:\windows\10851zot-a-virus39d.cpl
c:\windows\10z59troj650.ocx
c:\windows\10z89s5y6719.exe
c:\windows\11151wormz9d.ocx
c:\windows\114459zrm25.bin
c:\windows\12125noz-a9virus432.bin
c:\windows\12353spyz9.bin
c:\windows\123ed9wnloader548z.exe
c:\windows\12539tzal250.dll
c:\windows\12559worm30dz.ocx
c:\windows\1296t9ie51z27.cpl
c:\windows\12978spazb5t2de.bin
c:\windows\13268s9y519z.dll
c:\windows\137035zo95b8.bin
c:\windows\13c5b9czdoor2023.bin
c:\windows\14189spambo578z.dll
c:\windows\142505orm17z9.exe
c:\windows\146z1h9c5tool1d6.ocx
c:\windows\15451spa5zot9dd.ocx
c:\windows\1555595oj5bz.cpl
c:\windows\15623sp5z49.bin
c:\windows\15680not5a-virus5zd9.dll
c:\windows\15919trojz34.ocx
c:\windows\15a3threzt325579.dll
c:\windows\163759ormzf3.dll
c:\windows\16412hackt5zl4449.cpl
c:\windows\1662t9ief5z74.bin
c:\windows\168865ackt9olz69.exe
c:\windows\169505pz922.ocx
c:\windows\16c9ad5ware125z.exe
c:\windows\17267woz5499.ocx
c:\windows\172z05p97cd.bin
c:\windows\1751z9ro579f.dll
c:\windows\17995w5rz7eb.dll
c:\windows\17bbzac5door979.dll
c:\windows\18265hazktool19d.cpl
c:\windows\183z5s59406.dll
c:\windows\18511s5ambot4za9.exe
c:\windows\185fzir9950.bin
c:\windows\185z9spy539.ocx
c:\windows\1897viz1540.bin
c:\windows\18c5dow9loader1z69.bin
c:\windows\1908zpyware1175.dll
c:\windows\19112zroj5359.ocx
c:\windows\19190not-a-5irzs40f.bin
c:\windows\19537not-a-5irzs2f39.ocx
c:\windows\1955zief3194.dll
c:\windows\19576vizu9555.exe
c:\windows\19593not-a-virz5745.dll
c:\windows\19645ha9ktoo5zd3.bin
c:\windows\19764trojz35.bin
c:\windows\198z5ot-a9virus537.cpl
c:\windows\19982not-a-vi9zs1095.bin
c:\windows\1999spa5boz798.dll
c:\windows\19z439pamb5t599.exe
c:\windows\19z79troj59.exe
c:\windows\1a5sparsez966.dll
c:\windows\1c9threatz0335.dll
c:\windows\1cb8zhre9529948.bin
c:\windows\1d52thiefz99.ocx
c:\windows\1z329troj375.dll
c:\windows\1z354hacktool53a9.exe
c:\windows\1z915virus9fa.ocx
c:\windows\1z991vir9s5ed.ocx
c:\windows\201479irus60z5.dll
c:\windows\20158h9ckt5olz7f.bin
c:\windows\204zs5ywa9e1562.dll
c:\windows\206ad9wnloader572z.cpl
c:\windows\2298spywarez552.exe
c:\windows\22ecspz9se2578.cpl
c:\windows\23299not-z-viru54769.cpl
c:\windows\23451s597za.cpl
c:\windows\23559hacztool7f4.bin
c:\windows\23757viruz985.bin
c:\windows\23963haz9too5390.dll
c:\windows\24387tr9jz655.cpl
c:\windows\Installer\5cec7.msi
c:\windows\system32\5604zspambo94cd.dll
c:\windows\system32\drivers\MSIVXirmoeddkleafydlnxeamnpwmxapvakyt.sys
c:\windows\system32\drivers\UACpcferplrdqtvuvf.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXpjyotxgodpebgrucabisacxelvwbeoti.dll
c:\windows\system32\MSIVXyoqdyjbolkmlkhxspxyxdcndicujhjcw.dll
c:\windows\system32\UACbwinqpusntdyykn.dll
c:\windows\system32\UACctjuyjklrpdysum.dat
c:\windows\system32\UACfflieyyymernheg.dll
c:\windows\system32\UAChilwtequnkseeqq.dll
c:\windows\system32\UACikmgygtkpqfarsh.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjbxoghlespquxat.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACwgoiklbohidanrg.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-12-26 13:37 . 2009-12-26 13:37 5597 ----a-w- c:\windows\2fa0zp95are3112.bin
2009-12-25 14:44 . 2009-12-25 14:44 9663 ----a-w- c:\windows\system32\445ez5reat94147.dll
2009-12-24 22:24 . 2009-12-24 22:24 8906 ----a-w- c:\windows\system32\8540zro5299.bin
2009-12-22 16:18 . 2009-12-22 16:18 16707 ----a-w- c:\windows\z385vi91845.bin
2009-12-22 15:40 . 2009-12-22 15:40 7259 ----a-w- c:\windows\system32\295szy50c.dll
2009-12-22 07:53 . 2009-12-22 07:53 2838 ----a-w- c:\windows\7153s5yware27z79.exe
2009-12-17 21:34 . 2009-12-17 21:34 17863 ----a-w- c:\windows\system32\31124t5zj3d19.exe
2009-12-11 14:42 . 2009-12-11 14:42 7764 ----a-w- c:\windows\6c05dzw59oader2308.dll
2009-12-07 22:01 . 2009-12-07 22:01 12965 ----a-w- c:\windows\5057zspyc9.dll
2009-12-07 12:10 . 2009-12-07 12:10 14512 ----a-w- c:\windows\system32\z7554virus139.dll
2009-12-07 11:36 . 2009-12-07 11:36 10787 ----a-w- c:\windows\system32\32993viruz52c.dll
2009-12-05 13:28 . 2009-12-05 13:28 17163 ----a-w- c:\windows\z6057troj659.bin
2009-12-04 04:47 . 2009-12-04 04:47 4867 ----a-w- c:\windows\27834s9a5bot1z1.bin
2009-12-03 00:36 . 2009-12-03 00:36 11774 ----a-w- c:\windows\system32\208759pzmbot76c.bin
2009-12-01 05:42 . 2009-12-01 05:42 15949 ----a-w- c:\windows\25606not-azv5ru9639.bin
2009-11-27 15:35 . 2009-11-27 15:35 16320 ----a-w- c:\windows\41z89hreat21598.exe
2009-11-26 20:08 . 2009-11-26 20:08 8735 ----a-w- c:\windows\system32\9d5addwar5188z.exe
2009-11-25 22:35 . 2009-11-25 22:35 8890 ----a-w- c:\windows\272175ack9ozl185.exe
2009-11-23 10:17 . 2009-11-23 10:17 2877 ----a-w- c:\windows\system32\75z4sp5mb9t244.dll
2009-11-22 08:55 . 2009-11-22 08:55 11284 ----a-w- c:\windows\system32\1579sp5zse2631.bin
2009-11-21 17:16 . 2009-11-21 17:16 8635 ----a-w- c:\windows\system32\4b98downlz5de937.bin
2009-11-20 04:48 . 2009-11-20 04:48 10386 ----a-w- c:\windows\system32\14442not9z5virus4cd.dll
2009-11-20 02:17 . 2009-11-20 02:17 14040 ----a-w- c:\windows\5dc1spyware2z829.dll
2009-11-17 12:34 . 2009-11-17 12:34 11576 ----a-w- c:\windows\990spa5bot18z9.bin
2009-11-14 17:23 . 2009-11-14 17:23 4742 ----a-w- c:\windows\system32\30925hackt95l3dfz.dll
2009-11-14 10:22 . 2009-11-14 10:22 16543 ----a-w- c:\windows\29571spam5oz1f29.exe
2009-11-11 23:35 . 2009-11-11 23:35 13068 ----a-w- c:\windows\system32\20410h5cktzol695.bin
2009-11-10 14:22 . 2009-11-10 14:22 4538 ----a-w- c:\windows\system32\559zs9y355.exe
2009-11-02 02:08 . 2009-11-02 02:08 8415 ----a-w- c:\windows\4335downz9ader2311.exe
2009-10-28 09:54 . 2009-10-28 09:54 14762 ----a-w- c:\windows\579z5py2a29.exe
2009-10-23 23:48 . 2009-10-23 23:48 13986 ----a-w- c:\windows\system32\38zthie59466.exe
2009-10-21 03:43 . 2009-10-21 03:43 12306 ----a-w- c:\windows\25b4a95warz124.bin
2009-10-20 13:41 . 2009-10-20 13:41 14221 ----a-w- c:\windows\system32\9z605irus648.exe
2009-10-18 07:34 . 2009-10-18 07:34 7957 ----a-w- c:\windows\5151woz9760.dll
2009-10-18 04:33 . 2009-10-18 04:33 10774 ----a-w- c:\windows\2a99dowzloader2953.dll
2009-10-17 19:05 . 2009-10-17 19:05 3408 ----a-w- c:\windows\system32\8265trzj295.exe
2009-10-17 17:57 . 2009-10-17 17:57 9464 ----a-w- c:\windows\system32\5559irusz6e5.dll
2009-10-17 00:47 . 2009-10-17 00:47 7778 ----a-w- c:\windows\system32\z81dspa5s92015.dll
2009-10-16 06:20 . 2009-10-16 06:20 16944 ----a-w- c:\windows\system32\15631sp52fz9.bin
2009-10-16 00:47 . 2009-10-16 00:47 12601 ----a-w- c:\windows\system32\zde9spyware995.exe
2009-10-12 13:23 . 2009-10-12 13:23 12679 ----a-w- c:\windows\system32\7229downloa9er5841z.bin
2009-10-04 05:58 . 2009-10-04 05:58 10094 ----a-w- c:\windows\system32\30924spz5ec5.dll
2009-10-02 09:53 . 2009-10-02 09:53 6567 ----a-w- c:\windows\system32\959bbaczdoor5197.bin
2009-10-01 23:37 . 2009-10-01 23:37 17608 ----a-w- c:\windows\system32\5637szeal979.bin
2009-10-01 13:16 . 2009-10-01 13:16 11615 ----a-w- c:\windows\296165acktoolz9.exe
2009-09-27 01:12 . 2009-09-27 01:12 10309 ----a-w- c:\windows\6z59backdoor1355.exe
2009-09-27 00:17 . 2009-09-27 00:17 16281 ----a-w- c:\windows\system32\452s5y911z.exe
2009-09-26 16:11 . 2009-09-26 16:11 7277 ----a-w- c:\windows\5f2v9r784z.bin
2009-09-15 11:24 . 2009-09-15 11:24 9708 ----a-w- c:\windows\system32\5f11zir9955.dll
2009-09-14 15:30 . 2009-09-14 15:30 16237 ----a-w- c:\windows\system32\4d3dbackdo59z660.bin
2009-09-13 18:37 . 2009-09-13 18:37 7593 ----a-w- c:\windows\system32\z81es9eal5465.dll
2009-09-11 15:46 . 2009-09-11 15:46 7452 ----a-w- c:\windows\system32\1089095y5fz.bin
2009-09-09 23:25 . 2009-09-09 23:25 12427 ----a-w- c:\windows\system32\z36595py6aa.exe
2009-09-07 03:18 . 2009-09-07 03:18 9409 ----a-w- c:\windows\314z1tro9451.exe
2009-09-04 22:55 . 2009-09-04 22:55 18382 ----a-w- c:\windows\5z96spam5ot8c.dll
2009-09-02 06:09 . 2009-09-02 06:09 10294 ----a-w- c:\windows\c85spzwa9e67.bin
2009-09-02 05:20 . 2009-09-02 05:20 4882 ----a-w- c:\windows\system32\3z1ddow5loader9313.exe
2009-09-01 17:38 . 2009-09-01 17:38 9061 ----a-w- c:\windows\system32\22094hac5tozl589.dll
2009-08-28 09:48 . 2009-08-28 09:48 8395 ----a-w- c:\windows\8819spa9bot54cz.bin
2009-08-27 16:41 . 2009-08-27 16:41 4735 ----a-w- c:\windows\954s9ar5z285.bin
2009-08-27 08:37 . 2009-08-27 08:37 16799 ----a-w- c:\windows\5172thre9t11953z.exe
2009-08-26 18:02 . 2009-08-26 18:02 9168 ----a-w- c:\windows\zbf9spyware5233.dll
2009-08-26 02:53 . 2009-08-26 02:53 9624 ----a-w- c:\windows\system32\527bdow9loazer2553.bin
2009-08-21 04:31 . 2009-08-21 04:31 3202 ----a-w- c:\windows\system32\5f30azd5ar92124.dll
2009-08-17 06:06 . 2009-08-17 06:06 6862 ----a-w- c:\windows\system32\16195viruz8a.exe
2009-08-15 18:37 . 2009-08-15 18:37 14056 ----a-w- c:\windows\system32\301f9zeal2539.dll
2009-08-15 08:30 . 2009-08-15 08:30 10936 ----a-w- c:\windows\system32\18549t5oj446z.exe
2009-08-10 03:43 . 2009-08-10 03:43 5863 ----a-w- c:\windows\5dcth9eat3082z.dll
2009-08-07 23:29 . 2009-08-07 23:29 5887 ----a-w- c:\windows\system32\1950sparse356z.bin
2009-08-06 10:36 . 2009-08-06 10:36 7186 ----a-w- c:\windows\5d32steal981z.exe
2009-08-05 17:42 . 2009-08-05 17:42 3018 ----a-w- c:\windows\29fzsparse2295.exe
2009-08-04 16:48 . 2009-08-04 16:48 13289 ----a-w- c:\windows\system32\26029hzcktool4e59.exe
2009-08-04 15:33 . 2009-08-04 15:33 17772 ----a-w- c:\windows\7953addware1z98.dll
2009-07-28 03:51 . 2009-07-28 03:51 5113 ----a-w- c:\windows\system32\zbc55tea93260.exe
2009-07-24 03:56 . 2009-07-24 03:56 17637 ----a-w- c:\windows\system32\25955vzrus3c6.dll
2009-07-23 14:54 . 2009-07-23 14:54 16571 ----a-w- c:\windows\41acbaczdoor2495.dll
2009-07-20 23:00 . 2009-07-20 23:00 12355 ----a-w- c:\windows\5e38thze5t69509.exe
2009-07-19 04:00 . 2009-07-19 04:00 8484 ----a-w- c:\windows\system32\4997downloaderz157.dll
2009-07-15 20:04 . 2009-07-15 20:04 4399 ----a-w- c:\windows\system32\94699ha5kzool6f6.dll
2009-07-15 19:28 . 2009-07-15 19:28 3074 ----a-w- c:\windows\system32\z118steal9257.dll
2009-07-13 00:15 . 2009-07-13 00:15 11443 ----a-w- c:\windows\system32\49a5thiefz999.exe
2009-07-11 10:52 . 2009-07-11 10:52 7271 ----a-w- c:\windows\4025hacktoozb59.exe
2009-07-10 07:49 . 2009-07-10 07:49 -------- d-----w- c:\program files\Trend Micro
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 20:12 . 2009-07-09 20:12 4872 ----a-w- c:\windows\system32\558299irzs17d.bin
2009-07-07 08:46 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-07 03:24 . 2009-03-30 18:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-07 03:24 . 2009-03-25 00:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-07 03:24 . 2009-02-13 20:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-07 03:24 . 2009-02-13 20:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-07 03:24 . 2009-07-07 03:24 -------- d-----w- c:\program files\Avira
2009-07-07 03:24 . 2009-07-07 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-07 01:44 . 2009-07-07 01:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 01:44 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\program files\IObit
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit
2009-07-06 14:40 . 2009-07-06 14:40 5758 ----a-w- c:\windows\29511zo5m19.exe
2009-07-06 14:09 . 2009-07-06 14:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-06 08:48 . 2009-07-06 08:48 7919 ----a-w- c:\windows\system32\1e8z59yware263.dll
2009-07-05 23:11 . 2009-06-27 06:49 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 23:11 . 2009-06-27 06:49 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 23:11 . 2009-06-27 06:49 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 23:11 . 2009-06-27 06:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-05 23:11 . 2009-06-27 06:49 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 23:11 . 2009-06-27 06:49 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-05 23:11 . 2009-06-27 06:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-05 23:11 . 2009-06-27 06:49 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-05 23:11 . 2009-06-27 06:49 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-05 23:09 . 2009-06-27 06:05 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-05 23:09 . 2009-06-27 06:05 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-05 07:08 . 2009-07-05 07:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AIM Toolbar
2009-06-30 05:25 . 2009-06-30 05:25 -------- d-----w- c:\program files\The Adventure Company
2009-06-30 01:49 . 2009-06-30 01:49 -------- d-----w- c:\program files\EA GAMES
2009-06-30 01:49 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-28 15:25 . 2009-06-28 15:25 10908 ----a-w- c:\windows\6696zo5m449.dll
2009-06-28 13:38 . 2009-06-28 13:38 10876 ----a-w- c:\windows\77229rzj564.exe
2009-06-28 12:28 . 2009-06-28 12:28 3952 ----a-w- c:\windows\system32\2395z9oj5c.exe
2009-06-26 21:34 . 2009-06-26 21:34 15039 ----a-w- c:\windows\45e75ow9lzader53.bin
2009-06-26 00:17 . 2009-06-26 00:17 9451 ----a-w- c:\windows\system32\31515hacktzol198.bin
2009-06-22 10:49 . 2009-06-22 10:49 14290 ----a-w- c:\windows\system32\13759hac9tzo5251.exe
2009-06-17 19:32 . 2009-06-17 19:32 14362 ----a-w- c:\windows\system32\275f9tealz775.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 10:00 . 2009-04-14 00:14 6 ----a-w- c:\windows\system32\DFI32.dat
2009-07-10 09:57 . 2008-11-01 19:40 571676 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-10 09:57 . 2008-11-01 19:40 50884640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-10 02:11 . 2008-11-12 03:03 -------- d-----w- c:\program files\Steam
2009-07-10 02:09 . 2008-05-12 05:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2009-07-10 02:09 . 2009-01-07 03:34 -------- d-----w- c:\program files\DNA
2009-07-07 09:06 . 2009-03-12 23:25 -------- d-----w- c:\program files\Nexon
2009-07-07 01:44 . 2009-04-13 08:03 -------- d-----w- c:\program files\Lavasoft
2009-07-07 01:44 . 2008-06-30 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-07 01:37 . 2008-12-21 09:29 -------- d-----w- c:\program files\RegistryFix7
2009-07-06 22:16 . 2009-07-07 00:06 2789888 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-06 11:14 . 2007-12-31 09:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-07-05 23:10 . 2008-11-01 19:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 09:36 . 2009-01-07 03:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2009-06-30 05:30 . 2009-06-30 05:32 2970112 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-30 05:30 . 2009-06-30 05:32 1797632 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-27 06:49 . 2008-11-01 19:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 06:49 . 2008-11-01 19:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 01:25 . 2008-01-12 07:34 -------- d-----w- c:\program files\DScaler
2009-06-24 23:39 . 2008-07-19 11:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2009-06-07 08:09 . 2009-06-07 08:09 2890 ----a-w- c:\windows\system32\d76ad9warez4795.dll
2009-06-06 22:02 . 2008-11-01 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-04 05:52 . 2008-01-01 03:07 -------- d-----w- c:\program files\ArtMoney
2009-06-04 01:16 . 2009-06-04 01:16 15162 ----a-w- c:\windows\z9995roj6979.bin
2009-06-03 23:55 . 2009-06-03 23:55 5304 ----a-w- c:\windows\system32\2219wo5z3d39.exe
2009-06-03 02:02 . 2009-06-03 02:02 7162 ----a-w- c:\windows\5zd9spyware969.bin
2009-06-01 00:15 . 2009-01-14 07:15 4920139 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-27 22:30 . 2009-05-27 22:30 18190 ----a-w- c:\windows\9017z5roj2c2.exe
2009-05-26 14:47 . 2009-05-26 03:13 180 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-26 03:13 . 2009-05-26 03:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-05-25 17:09 . 2009-05-25 17:09 13276 ----a-w- c:\windows\system32\4a39sz5rse1836.bin
2009-05-20 23:47 . 2009-05-20 23:47 15843 ----a-w- c:\windows\system32\7422v9zus582.bin
2009-05-20 22:26 . 2009-05-20 22:26 3926 ----a-w- c:\windows\7a75stezl5988.bin
2009-05-19 22:15 . 2009-05-19 22:15 15371 ----a-w- c:\windows\24z4s95al20.exe
2009-05-19 04:35 . 2009-05-19 04:35 16580 ----a-w- c:\windows\system32\195athre9tz080.dll
2009-05-17 19:14 . 2009-05-17 19:14 17079 ----a-w- c:\windows\28252zor9546.exe
2009-05-17 11:10 . 2007-12-01 22:30 -------- d-----w- c:\program files\Warcraft III
2009-05-14 01:48 . 2009-05-14 01:48 14708 ----a-w- c:\windows\system32\3193z9iru5266.exe
2009-05-13 12:41 . 2009-05-13 12:41 8495 ----a-w- c:\windows\833ste5l2997z.dll
2009-05-13 01:40 . 2009-05-13 01:40 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-05-11 00:33 . 2008-11-01 19:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 23:46 . 2009-05-10 23:46 1144808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
2009-05-10 23:39 . 2009-05-10 23:40 124928 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-05-10 02:25 . 2009-05-10 02:26 2866688 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-05-09 18:23 . 2009-05-09 18:23 9841 ----a-w- c:\windows\system32\39c5tzr9at5534.bin
2009-05-08 11:47 . 2009-05-08 11:47 17621 ----a-w- c:\windows\system32\59f8v5rz79.dll
2009-05-07 10:49 . 2009-05-07 10:49 2988 ----a-w- c:\windows\5c5fthrza925117.dll
2009-05-07 10:27 . 2009-05-07 10:27 7191 ----a-w- c:\windows\z48dsp5wa9e2693.dll
2009-05-06 23:25 . 2009-05-06 23:25 6518 ----a-w- c:\windows\system32\9edz5ir461.dll
2009-05-05 06:01 . 2009-05-05 06:01 16823 ----a-w- c:\windows\system32\29zfs5arse977.bin
2009-05-02 01:35 . 2009-05-02 01:35 3116 ----a-w- c:\windows\system32\HWTablet.bin
2009-04-28 17:06 . 2009-04-28 17:06 2809 ----a-w- c:\windows\system32\6c59sza9se2963.exe
2009-04-27 16:23 . 2009-04-27 16:23 15058 ----a-w- c:\windows\4905stea5z599.dll
2009-04-26 18:32 . 2009-04-26 18:32 11151 ----a-w- c:\windows\5b24sz9al1894.exe
2009-04-26 13:02 . 2009-04-26 13:02 10039 ----a-w- c:\windows\4504threatz9763.dll
2009-04-26 01:13 . 2009-04-26 01:13 2862 ----a-w- c:\windows\system32\4898thz5f2750.bin
2009-04-20 08:00 . 2009-04-20 08:00 12719 ----a-w- c:\windows\5985spywzre9458.dll
2009-04-19 22:52 . 2009-04-19 22:52 13970 ----a-w- c:\windows\system32\13917not-5-v9ruz194.dll
2009-04-18 13:53 . 2009-04-18 13:53 17569 ----a-w- c:\windows\system32\4c93thr5az15843.bin
2009-04-15 14:49 . 2009-04-15 14:49 14576 ----a-w- c:\windows\system32\7z71hacktoo95d5.dll
2009-04-15 03:34 . 2009-04-15 03:34 17768 ----a-w- c:\windows\system32\12949zpy55.dll
2009-04-14 23:08 . 2007-12-01 22:34 98938 ----a-w- c:\windows\War3Unin.dat
2009-04-14 15:06 . 2006-08-24 19:49 78232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 08:56 . 2009-04-14 08:57 2860544 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-04-14 07:56 . 2009-04-14 07:56 4096 ----a-w- c:\windows\d3dx.dat
2009-04-13 20:12 . 2009-04-13 20:12 2652 ----a-w- c:\windows\system32\9295roj69z.dll
2009-04-12 03:57 . 2009-04-12 03:51 35762 ----a-w- c:\windows\DIIUnin.dat
2009-04-12 03:56 . 2009-04-12 03:56 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-04-12 03:56 . 2009-04-12 03:56 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-04-12 03:56 . 2009-04-12 03:56 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-04-12 03:51 . 2009-04-12 03:51 2829 ----a-w- c:\windows\DIIUnin.pif
2009-04-12 03:51 . 2009-04-12 03:51 94208 ----a-w- c:\windows\DIIUnin.exe
2009-04-12 03:40 . 2009-03-01 20:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2008-03-13 01:42 . 2008-03-13 01:41 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-24 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-24 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 06:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hanvon Shell.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hanvon Shell.lnk
backup=c:\windows\pss\Hanvon Shell.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usprserv"=3 (0x3)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UMWdf"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"SSDPSRV"=2 (0x2)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NSCService"=3 (0x3)
"npkcmsvc"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MS NetConfig"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MHN"=3 (0x3)
"McrdSvc"=2 (0x2)
"LmHosts"=2 (0x2)
"LightScribeService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"HWSuperPowerTablet"=2 (0x2)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ELService"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"DcomLaunch"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"comHost"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=3 (0x3)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"59059:TCP"= 59059:TCP:Pando Media Booster
"59059:UDP"= 59059:UDP:Pando Media Booster

R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [5/1/2009 5:35 PM 10548]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/1/2008 11:37 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/1/2008 11:37 AM 108552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/6/2009 7:24 PM 108289]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/1/2008 11:37 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/1/2008 11:37 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 951632]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/1/2007 1:56 PM 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 asikneud;asikneud;c:\windows\system32\drivers\vldqju.sys --> c:\windows\system32\drivers\vldqju.sys [?]
S2 cgqobbl;cgqobbl;c:\windows\system32\drivers\pdowooz.sys --> c:\windows\system32\drivers\pdowooz.sys [?]
S2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\jwpen.exe [5/1/2009 5:35 PM 225280]
S2 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe [4/2/2009 1:30 AM 167987]
S2 poei;poei;c:\windows\system32\drivers\xtiwbq.sys --> c:\windows\system32\drivers\xtiwbq.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/9/2009 10:38 PM 38160]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva231;XDva231;\??\c:\windows\system32\XDva231.sys --> c:\windows\system32\XDva231.sys [?]
S3 XDva234;XDva234;\??\c:\windows\system32\XDva234.sys --> c:\windows\system32\XDva234.sys [?]
S3 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - HYCtl
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-07-06 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 12:08]

2009-07-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

2009-07-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2fee3a60-72cb-4ed7-9136-fe6f975ffce4} - (no file)


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\n43x4fhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 02:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1323339851-1466613017-3173419613-1007\Software\SecuROM\License information*]
"datasecu"=hex:32,07,3c,99,f9,4d,43,28,b2,3c,a5,92,82,a1,9a,ad,70,c3,b0,18,cc,
33,37,5e,8e,ef,74,0b,f9,c9,1b,ca,15,5f,1a,98,01,3e,f3,36,37,ee,9b,f3,35,ce,\
"rkeysecu"=hex:c0,12,cd,fc,fe,3c,e5,2c,42,34,f2,67,a9,f1,1c,05
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\msnt.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\taskmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-07-10 2:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 10:16

Pre-Run: 130,215,747,584 bytes free
Post-Run: 130,084,904,960 bytes free





FW: Norton Internet Security 2006
I didn't even know I had this installed.

*edit* After ComboFix rebooted, my wallpaper reverted back to one I used a few weeks ago, and an Internet Explorer icon appeared on my desktop. *edit*

Edited by DragonXZero, 10 July 2009 - 04:35 AM.


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:02:39 AM

Posted 10 July 2009 - 04:32 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then, run ComboFix once again.. Post Malwarebytes' and ComboFix logs here

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
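Added example, not code from the thread, from Malwarebytes or from the helper: a small Python parser for the Malwarebytes' Anti-Malware 1.x log layout that this post asks to be pasted back. It checks the summary counts against the detail sections, tallies detections by threat name, and flags entries that are still pending a reboot or that live in System Restore. The sample log is constructed; the "Delete on reboot." outcome is assumed to be one of MBAM's action strings.

```python
import re
from collections import Counter

# Constructed sample in the layout of Malwarebytes' Anti-Malware 1.x logs
# (counts and paths are illustrative, not the thread's own numbers).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2402
Windows 5.1.2600 Service Pack 2

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 294470
Time elapsed: 1 hour(s), 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WiniFighter (Rogue.WiniFighter) -> Quarantined and deleted successfully.

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\system32\UACfflieyyymernheg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\UACpcferplrdqtvuvf.sys (Trojan.TDSS) -> Delete on reboot.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP0\A0000001.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(.+ Infected): (\d+)$")   # summary block line
SECTION_RE = re.compile(r"^(.+ Infected):$")       # detail section header
CLEAN = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return (claimed_counts, items): the summary block's numbers and, per
    detail section, the (location, threat, action) triples listed under it."""
    claimed, items, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line ends a detail section
            continue
        m = COUNT_RE.match(line)
        if m:
            claimed[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            items.setdefault(section, [])
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        # Entry layout: "<location> (<threat>) -> <action>."  The location
        # itself may contain parentheses, so split from the right.
        entry, _, action = line.partition(" -> ")
        location, _, threat = entry.rpartition(" (")
        items[section].append((location, threat.rstrip(")"), action.rstrip(".")))
    return claimed, items


def summarize(text):
    """Cross-check the summary counts and pull out what a helper wants to see."""
    claimed, items = parse_mbam_log(text)
    threats = Counter()
    pending, restore_points, mismatches = [], [], []
    for section, entries in items.items():
        if claimed.get(section, 0) != len(entries):
            mismatches.append(section)   # summary disagrees with the detail list
        for location, threat, action in entries:
            threats[threat] += 1
            if action != CLEAN:
                pending.append(location)  # still on disk until the reboot completes
            if "\\_restore{" in location.lower():
                restore_points.append(location)  # would come back via System Restore
    return {"claimed": claimed, "threats": threats, "pending": pending,
            "restore_points": restore_points, "mismatches": mismatches}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for threat, n in report["threats"].most_common():
        print(f"{n:3d}  {threat}")
    print("pending reboot:", report["pending"])
    print("in System Restore:", report["restore_points"])
    print("count mismatches:", report["mismatches"])
```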


#6 DragonXZero

DragonXZero
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:39 AM

Posted 10 July 2009 - 02:29 PM

After I ran the second scans, my computer failed to start up again.

Second mbam scan

Malwarebytes' Anti-Malware 1.38
Database version: 2402
Windows 5.1.2600 Service Pack 2

7/10/2009 3:59:18 AM
mbam-log-2009-07-10 (03-59-18).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 294470
Time elapsed: 1 hour(s), 7 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WiniFighter (Rogue.WiniFighter) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\system32\UACbwinqpusntdyykn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACfflieyyymernheg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UAChilwtequnkseeqq.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACjbxoghlespquxat.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACwgoiklbohidanrg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\MSIVXirmoeddkleafydlnxeamnpwmxapvakyt.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\UACpcferplrdqtvuvf.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP0\A0000001.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP0\A0000002.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP0\A0000003.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP0\A0000004.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP0\A0000005.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP0\A0000006.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP0\A0000007.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

Second ComboFix scan

ComboFix 09-07-09.07 - HP_Administrator 07/10/2009 4:17.2.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1656 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-12-25 14:44 . 2009-12-25 14:44 9663 ----a-w- c:\windows\system32\445ez5reat94147.dll
2009-12-24 22:24 . 2009-12-24 22:24 8906 ----a-w- c:\windows\system32\8540zro5299.bin
2009-12-17 21:34 . 2009-12-17 21:34 17863 ----a-w- c:\windows\system32\31124t5zj3d19.exe
2009-12-07 12:10 . 2009-12-07 12:10 14512 ----a-w- c:\windows\system32\z7554virus139.dll
2009-12-07 11:36 . 2009-12-07 11:36 10787 ----a-w- c:\windows\system32\32993viruz52c.dll
2009-11-26 20:08 . 2009-11-26 20:08 8735 ----a-w- c:\windows\system32\9d5addwar5188z.exe
2009-11-23 10:17 . 2009-11-23 10:17 2877 ----a-w- c:\windows\system32\75z4sp5mb9t244.dll
2009-11-21 17:16 . 2009-11-21 17:16 8635 ----a-w- c:\windows\system32\4b98downlz5de937.bin
2009-11-14 17:23 . 2009-11-14 17:23 4742 ----a-w- c:\windows\system32\30925hackt95l3dfz.dll
2009-11-10 14:22 . 2009-11-10 14:22 4538 ----a-w- c:\windows\system32\559zs9y355.exe
2009-10-23 23:48 . 2009-10-23 23:48 13986 ----a-w- c:\windows\system32\38zthie59466.exe
2009-10-20 13:41 . 2009-10-20 13:41 14221 ----a-w- c:\windows\system32\9z605irus648.exe
2009-10-17 19:05 . 2009-10-17 19:05 3408 ----a-w- c:\windows\system32\8265trzj295.exe
2009-10-17 17:57 . 2009-10-17 17:57 9464 ----a-w- c:\windows\system32\5559irusz6e5.dll
2009-10-17 00:47 . 2009-10-17 00:47 7778 ----a-w- c:\windows\system32\z81dspa5s92015.dll
2009-10-16 00:47 . 2009-10-16 00:47 12601 ----a-w- c:\windows\system32\zde9spyware995.exe
2009-10-12 13:23 . 2009-10-12 13:23 12679 ----a-w- c:\windows\system32\7229downloa9er5841z.bin
2009-10-02 09:53 . 2009-10-02 09:53 6567 ----a-w- c:\windows\system32\959bbaczdoor5197.bin
2009-10-01 23:37 . 2009-10-01 23:37 17608 ----a-w- c:\windows\system32\5637szeal979.bin
2009-09-27 00:17 . 2009-09-27 00:17 16281 ----a-w- c:\windows\system32\452s5y911z.exe
2009-09-15 11:24 . 2009-09-15 11:24 9708 ----a-w- c:\windows\system32\5f11zir9955.dll
2009-09-14 15:30 . 2009-09-14 15:30 16237 ----a-w- c:\windows\system32\4d3dbackdo59z660.bin
2009-09-13 18:37 . 2009-09-13 18:37 7593 ----a-w- c:\windows\system32\z81es9eal5465.dll
2009-09-09 23:25 . 2009-09-09 23:25 12427 ----a-w- c:\windows\system32\z36595py6aa.exe
2009-09-02 05:20 . 2009-09-02 05:20 4882 ----a-w- c:\windows\system32\3z1ddow5loader9313.exe
2009-08-26 02:53 . 2009-08-26 02:53 9624 ----a-w- c:\windows\system32\527bdow9loazer2553.bin
2009-08-21 04:31 . 2009-08-21 04:31 3202 ----a-w- c:\windows\system32\5f30azd5ar92124.dll
2009-07-28 03:51 . 2009-07-28 03:51 5113 ----a-w- c:\windows\system32\zbc55tea93260.exe
2009-07-19 04:00 . 2009-07-19 04:00 8484 ----a-w- c:\windows\system32\4997downloaderz157.dll
2009-07-15 20:04 . 2009-07-15 20:04 4399 ----a-w- c:\windows\system32\94699ha5kzool6f6.dll
2009-07-15 19:28 . 2009-07-15 19:28 3074 ----a-w- c:\windows\system32\z118steal9257.dll
2009-07-13 00:15 . 2009-07-13 00:15 11443 ----a-w- c:\windows\system32\49a5thiefz999.exe
2009-07-10 07:49 . 2009-07-10 07:49 -------- d-----w- c:\program files\Trend Micro
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 20:12 . 2009-07-09 20:12 4872 ----a-w- c:\windows\system32\558299irzs17d.bin
2009-07-07 08:46 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-07 03:24 . 2009-03-25 00:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-07 01:44 . 2009-07-07 01:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 01:44 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\program files\IObit
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit
2009-07-06 14:09 . 2009-07-06 14:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-05 23:11 . 2009-06-27 06:49 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 23:11 . 2009-06-27 06:49 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 23:11 . 2009-06-27 06:49 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 23:11 . 2009-06-27 06:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-05 23:11 . 2009-06-27 06:49 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 23:11 . 2009-06-27 06:49 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-05 23:11 . 2009-06-27 06:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-05 23:11 . 2009-06-27 06:49 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-05 23:11 . 2009-06-27 06:49 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-05 23:09 . 2009-06-27 06:05 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-05 23:09 . 2009-06-27 06:05 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-05 07:08 . 2009-07-05 07:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AIM Toolbar
2009-06-30 05:25 . 2009-06-30 05:25 -------- d-----w- c:\program files\The Adventure Company
2009-06-30 01:49 . 2009-06-30 01:49 -------- d-----w- c:\program files\EA GAMES
2009-06-30 01:49 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-26 00:17 . 2009-06-26 00:17 9451 ----a-w- c:\windows\system32\31515hacktzol198.bin
2009-06-16 04:58 . 2009-06-16 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-15 18:43 . 2009-06-15 18:43 2719 ----a-w- c:\windows\system32\5e9zadd5are245.exe
2009-06-15 06:38 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-15 06:38 . 2004-08-04 08:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-12 14:08 . 2009-06-12 14:08 18200 ----a-w- c:\windows\system32\z1051s5y49b.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 12:00 . 2008-11-01 19:40 572396 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-10 12:00 . 2008-11-01 19:40 50884640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-10 10:00 . 2009-04-14 00:14 6 ----a-w- c:\windows\system32\DFI32.dat
2009-07-10 02:11 . 2008-11-12 03:03 -------- d-----w- c:\program files\Steam
2009-07-10 02:09 . 2008-05-12 05:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2009-07-10 02:09 . 2009-01-07 03:34 -------- d-----w- c:\program files\DNA
2009-07-07 09:06 . 2009-03-12 23:25 -------- d-----w- c:\program files\Nexon
2009-07-07 01:44 . 2009-04-13 08:03 -------- d-----w- c:\program files\Lavasoft
2009-07-07 01:44 . 2008-06-30 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-07 01:37 . 2008-12-21 09:29 -------- d-----w- c:\program files\RegistryFix7
2009-07-06 22:16 . 2009-07-07 00:06 2789888 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-06 11:14 . 2007-12-31 09:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-07-05 23:10 . 2008-11-01 19:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 09:36 . 2009-01-07 03:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2009-06-30 05:30 . 2009-06-30 05:32 2970112 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-30 05:30 . 2009-06-30 05:32 1797632 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-27 06:49 . 2008-11-01 19:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 06:49 . 2008-11-01 19:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 01:25 . 2008-01-12 07:34 -------- d-----w- c:\program files\DScaler
2009-06-24 23:39 . 2008-07-19 11:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2009-06-07 08:09 . 2009-06-07 08:09 2890 ----a-w- c:\windows\system32\d76ad9warez4795.dll
2009-06-06 22:02 . 2008-11-01 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-04 05:52 . 2008-01-01 03:07 -------- d-----w- c:\program files\ArtMoney
2009-06-01 00:15 . 2009-01-14 07:15 4920139 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-26 14:47 . 2009-05-26 03:13 180 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-26 03:13 . 2009-05-26 03:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-05-25 17:09 . 2009-05-25 17:09 13276 ----a-w- c:\windows\system32\4a39sz5rse1836.bin
2009-05-20 23:47 . 2009-05-20 23:47 15843 ----a-w- c:\windows\system32\7422v9zus582.bin
2009-05-17 11:10 . 2007-12-01 22:30 -------- d-----w- c:\program files\Warcraft III
2009-05-14 01:48 . 2009-05-14 01:48 14708 ----a-w- c:\windows\system32\3193z9iru5266.exe
2009-05-13 01:40 . 2009-05-13 01:40 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-05-11 00:33 . 2008-11-01 19:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 23:46 . 2009-05-10 23:46 1144808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
2009-05-10 23:39 . 2009-05-10 23:40 124928 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-05-10 02:25 . 2009-05-10 02:26 2866688 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-05-09 18:23 . 2009-05-09 18:23 9841 ----a-w- c:\windows\system32\39c5tzr9at5534.bin
2009-05-08 11:47 . 2009-05-08 11:47 17621 ----a-w- c:\windows\system32\59f8v5rz79.dll
2009-05-06 23:25 . 2009-05-06 23:25 6518 ----a-w- c:\windows\system32\9edz5ir461.dll
2009-05-02 01:35 . 2009-05-02 01:35 3116 ----a-w- c:\windows\system32\HWTablet.bin
2009-04-28 17:06 . 2009-04-28 17:06 2809 ----a-w- c:\windows\system32\6c59sza9se2963.exe
2009-04-26 01:13 . 2009-04-26 01:13 2862 ----a-w- c:\windows\system32\4898thz5f2750.bin
2009-04-18 13:53 . 2009-04-18 13:53 17569 ----a-w- c:\windows\system32\4c93thr5az15843.bin
2009-04-15 14:49 . 2009-04-15 14:49 14576 ----a-w- c:\windows\system32\7z71hacktoo95d5.dll
2009-04-14 23:08 . 2007-12-01 22:34 98938 ----a-w- c:\windows\War3Unin.dat
2009-04-14 15:06 . 2006-08-24 19:49 78232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 08:56 . 2009-04-14 08:57 2860544 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-04-14 07:56 . 2009-04-14 07:56 4096 ----a-w- c:\windows\d3dx.dat
2009-04-13 20:12 . 2009-04-13 20:12 2652 ----a-w- c:\windows\system32\9295roj69z.dll
2009-04-12 03:57 . 2009-04-12 03:51 35762 ----a-w- c:\windows\DIIUnin.dat
2009-04-12 03:56 . 2009-04-12 03:56 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-04-12 03:56 . 2009-04-12 03:56 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-04-12 03:56 . 2009-04-12 03:56 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-04-12 03:51 . 2009-04-12 03:51 2829 ----a-w- c:\windows\DIIUnin.pif
2009-04-12 03:51 . 2009-04-12 03:51 94208 ----a-w- c:\windows\DIIUnin.exe
2009-04-12 03:40 . 2009-03-01 20:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2008-03-13 01:42 . 2008-03-13 01:41 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-24 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-24 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 06:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hanvon Shell.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hanvon Shell.lnk
backup=c:\windows\pss\Hanvon Shell.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usprserv"=3 (0x3)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UMWdf"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"SSDPSRV"=2 (0x2)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NSCService"=3 (0x3)
"npkcmsvc"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MS NetConfig"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MHN"=3 (0x3)
"McrdSvc"=2 (0x2)
"LmHosts"=2 (0x2)
"LightScribeService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"HWSuperPowerTablet"=2 (0x2)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ELService"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"DcomLaunch"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"comHost"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=3 (0x3)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"59059:TCP"= 59059:TCP:Pando Media Booster
"59059:UDP"= 59059:UDP:Pando Media Booster

R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [5/1/2009 5:35 PM 10548]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 951632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nubnq;nubnq;c:\windows\system32\drivers\fyvtvrn.sys --> c:\windows\system32\drivers\fyvtvrn.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/1/2008 11:37 AM 335752]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/1/2008 11:37 AM 108552]
S2 asikneud;asikneud;c:\windows\system32\drivers\vldqju.sys --> c:\windows\system32\drivers\vldqju.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/1/2008 11:37 AM 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/1/2008 11:37 AM 298776]
S2 cgqobbl;cgqobbl;c:\windows\system32\drivers\pdowooz.sys --> c:\windows\system32\drivers\pdowooz.sys [?]
S2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\jwpen.exe [5/1/2009 5:35 PM 225280]
S2 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe [4/2/2009 1:30 AM 167987]
S2 poei;poei;c:\windows\system32\drivers\xtiwbq.sys --> c:\windows\system32\drivers\xtiwbq.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/1/2007 1:56 PM 24652]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva231;XDva231;\??\c:\windows\system32\XDva231.sys --> c:\windows\system32\XDva231.sys [?]
S3 XDva234;XDva234;\??\c:\windows\system32\XDva234.sys --> c:\windows\system32\XDva234.sys [?]
S3 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - HYCtl
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-07-06 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 12:08]

2009-07-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

2009-07-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\n43x4fhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 04:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1323339851-1466613017-3173419613-1007\Software\SecuROM\License information*]
"datasecu"=hex:32,07,3c,99,f9,4d,43,28,b2,3c,a5,92,82,a1,9a,ad,70,c3,b0,18,cc,
33,37,5e,8e,ef,74,0b,f9,c9,1b,ca,15,5f,1a,98,01,3e,f3,36,37,ee,9b,f3,35,ce,\
"rkeysecu"=hex:c0,12,cd,fc,fe,3c,e5,2c,42,34,f2,67,a9,f1,1c,05
.
Completion time: 2009-07-10 4:35
ComboFix-quarantined-files.txt 2009-07-10 12:35
ComboFix2.txt 2009-07-10 10:16

Pre-Run: 132,310,700,032 bytes free
Post-Run: 132,292,014,080 bytes free

832


Third mbam scan

Malwarebytes' Anti-Malware 1.38
Database version: 2402
Windows 5.1.2600 Service Pack 2

7/10/2009 5:16:54 AM
mbam-log-2009-07-10 (05-16-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 308134
Time elapsed: 38 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Third ComboFix scan

ComboFix 09-07-09.07 - HP_Administrator 07/10/2009 5:17.3.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1611 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\30925hackt95l3dfz.dll
c:\windows\system32\30995spamb9t56z.ocx
c:\windows\system32\309z9virus5d5.dll
c:\windows\system32\31124t5zj3d19.exe
c:\windows\system32\31515hacktzol198.bin
c:\windows\system32\31722s5amb9z5e0.dll
c:\windows\system32\3193z9iru5266.exe
c:\windows\system32\31b55ddwzre9798.ocx
c:\windows\system32\31z69w9rm551.cpl
c:\windows\system32\32545sp9mzot65f.dll
c:\windows\system32\32756z59j178.ocx
c:\windows\system32\32993viruz52c.dll
c:\windows\system32\3380sp9wzre385.ocx
c:\windows\system32\35505zy9are408.ocx
c:\windows\system32\35afspyw9re300z.dll
c:\windows\system32\36z0not9a-virus654.dll
c:\windows\system32\371dad5waze21859.exe
c:\windows\system32\3759addware2651z.exe
c:\windows\system32\3813vi5z059.ocx
c:\windows\system32\38zthie59466.exe
c:\windows\system32\393baddware1857z.cpl
c:\windows\system32\39795hreat9557z.ocx
c:\windows\system32\3990szambot7db5.cpl
c:\windows\system32\39c5tzr9at5534.bin
c:\windows\system32\39e5thre9t13778z.exe
c:\windows\system32\3a94thr5az4725.ocx
c:\windows\system32\3f7dvir59z4.dll
c:\windows\system32\3f9adzware1605.cpl
c:\windows\system32\3z1ddow5loader9313.exe
c:\windows\system32\3z21vi59777.ocx
c:\windows\system32\3z42n9t-a-viru5b4.bin
c:\windows\system32\3z6bspyware56579.dll
c:\windows\system32\415zspar9e2556.bin
c:\windows\system32\4169hackt5zl154.dll
c:\windows\system32\4195downlzader553.bin
c:\windows\system32\425eszeal27289.bin
c:\windows\system32\43fathr9at1656z.dll
c:\windows\system32\445ez5reat94147.dll
c:\windows\system32\452s5y911z.exe
c:\windows\system32\453zback9oor2428.cpl
c:\windows\system32\46a79hiez2254.bin
c:\windows\system32\46abb9ckdoor2z55.cpl
c:\windows\system32\4765addwa9z831.bin
c:\windows\system32\479ezhre9t4252.dll
c:\windows\system32\4822hacztoo9752.cpl
c:\windows\system32\4892d5w9lozder2305.dll
c:\windows\system32\4898thz5f2750.bin
c:\windows\system32\495acktooz29a.exe
c:\windows\system32\4997downloaderz157.dll
c:\windows\system32\49a5thiefz999.exe
c:\windows\system32\49bbsp5rse3z04.ocx
c:\windows\system32\49c0spywa9e1556z.cpl
c:\windows\system32\4a39sz5rse1836.bin
c:\windows\system32\4b59viz479.ocx
c:\windows\system32\4b98downlz5de937.bin
c:\windows\system32\4bd2vir1z959.ocx
c:\windows\system32\4c2459arse2z00.ocx
c:\windows\system32\4c93thr5az15843.bin
c:\windows\system32\4d1thief2559z.ocx
c:\windows\system32\4d3dbackdo59z660.bin
c:\windows\system32\4d94t5zef1092.cpl
c:\windows\system32\4e5czir9826.cpl
c:\windows\system32\4zc7thief5984.ocx
c:\windows\system32\50708viruz59e.dll
c:\windows\system32\5070not-9-viruz7205.exe
c:\windows\system32\508a5hzef9233.cpl
c:\windows\system32\50f49te5l11z1.dll
c:\windows\system32\50z34trojc69.dll
c:\windows\system32\51065wozm696.exe
c:\windows\system32\5172virus9zd5.ocx
c:\windows\system32\519abackz5or1494.dll
c:\windows\system32\527bdow9loazer2553.bin
c:\windows\system32\53d9azdware508.bin
c:\windows\system32\540529irus26z.dll
c:\windows\system32\55129hreat18265z.dll
c:\windows\system32\5531downloaze9805.ocx
c:\windows\system32\5559irusz6e5.dll
c:\windows\system32\555steaz955.dll
c:\windows\system32\55769spyz41.cpl
c:\windows\system32\558299irzs17d.bin
c:\windows\system32\559zs9y355.exe
c:\windows\system32\5615tr9j50z5.exe
c:\windows\system32\56269zy5e0.bin
c:\windows\system32\5637szeal979.bin
c:\windows\system32\5738worz59a.dll
c:\windows\system32\57447v9rus8bz.ocx
c:\windows\system32\579ba5kdzor2600.exe
c:\windows\system32\581z6spa9bot5f9.dll
c:\windows\system32\5877thief1891z.ocx
c:\windows\system32\58919hzef596.cpl
c:\windows\system32\5896bac5door293z.cpl
c:\windows\system32\58efspzrse1179.exe
c:\windows\system32\5908vir754z.cpl
c:\windows\system32\591359rm378z.exe
c:\windows\system32\5918vi9557z.dll
c:\windows\system32\59482not-a-virus2z79.dll
c:\windows\system32\59741t9oz3c6.cpl
c:\windows\system32\59912virus3z49.dll
c:\windows\system32\59c1thiefz0195.exe
c:\windows\system32\59f8v5rz79.dll
c:\windows\system32\59z09ir325.exe
c:\windows\system32\5a98spzware2399.ocx
c:\windows\system32\5b7fa9dware23z.cpl
c:\windows\system32\5bfbbac9dz5r2514.exe
c:\windows\system32\5c49steal82z5.cpl
c:\windows\system32\5c7ct9zef1302.dll
c:\windows\system32\5cf4d5wnload9r273z.ocx
c:\windows\system32\5dd49zdware2898.cpl
c:\windows\system32\5e9zadd5are245.exe
c:\windows\system32\5f11zir9955.dll
c:\windows\system32\5f30azd5ar92124.dll
c:\windows\system32\5fec9zckd5or2860.ocx
c:\windows\system32\5z259troj5ed.ocx
c:\windows\system32\5ze2spy9are705.ocx
c:\windows\system32\5zfbv9r1545.cpl
c:\windows\system32\6189s9yware2z65.exe
c:\windows\system32\6235bazkdoor1598.dll
c:\windows\system32\62zebackd9or28725.ocx
c:\windows\system32\6351v9rus6za.ocx
c:\windows\system32\638aspyw5re39z8.bin
c:\windows\system32\63z09h5eat12799.ocx
c:\windows\system32\64a5back5ooz2948.cpl
c:\windows\system32\655zt5reat28929.ocx
c:\windows\system32\65z19ackdoor1188.cpl
c:\windows\system32\66c95pywarez054.ocx
c:\windows\system32\693tzie5736.cpl
c:\windows\system32\69555izus659.cpl
c:\windows\system32\6970t5o93z4.bin
c:\windows\system32\69ezst5al459.ocx
c:\windows\system32\69fbthrza518354.bin
c:\windows\system32\69z9teal590.ocx
c:\windows\system32\6a955tealz543.exe
c:\windows\system32\6a97addwaze9593.exe
c:\windows\system32\6afz9dware5970.bin
c:\windows\system32\6c59sza9se2963.exe
c:\windows\system32\6c65azd9are2002.bin
c:\windows\system32\6e5dzhi9f646.cpl
c:\windows\system32\6zc9bac59oor3246.bin
c:\windows\system32\7003szar5e3009.bin
c:\windows\system32\70sp5mbo95ez.bin
c:\windows\system32\7137s5a9bot26z.bin
c:\windows\system32\7177tr9j1z05.bin
c:\windows\system32\7217spywz5e19629.ocx
c:\windows\system32\7229downloa9er5841z.bin
c:\windows\system32\7413not59-zirus652.ocx
c:\windows\system32\7422v9zus582.bin
c:\windows\system32\745fvirz5559.cpl
c:\windows\system32\7529addwaze285.bin
c:\windows\system32\753cv95912z.cpl
c:\windows\system32\7571backzoor3009.exe
c:\windows\system32\75stea9z805.bin
c:\windows\system32\75z4sp5mb9t244.dll
c:\windows\system32\7676azdwa95849.dll
c:\windows\system32\7779ad5wzr91919.ocx
c:\windows\system32\79005pz2d3.cpl
c:\windows\system32\793zvi52889.bin
c:\windows\system32\7955downloader2814z.cpl
c:\windows\system32\796bdownloader35z5.ocx
c:\windows\system32\79f85zr959.ocx
c:\windows\system32\7c39s5arse1z19.cpl
c:\windows\system32\7d15do5nlozder1913.exe
c:\windows\system32\7f9t5reat2z753.dll
c:\windows\system32\7z3dthre593927.bin
c:\windows\system32\7z71hacktoo95d5.dll
c:\windows\system32\8265trzj295.exe
c:\windows\system32\83975irus389z.ocx
c:\windows\system32\8483w5zm3e9.dll
c:\windows\system32\8540zro5299.bin
c:\windows\system32\891s5y2za.exe
c:\windows\system32\895spzw9re1240.exe
c:\windows\system32\89z1not-a-v5r9s687.dll
c:\windows\system32\8c5spz9s5869.cpl
c:\windows\system32\90394hazktoo53db.bin
c:\windows\system32\9054vir564z.ocx
c:\windows\system32\90z5troj470.cpl
c:\windows\system32\9127zhacktoo558f.bin
c:\windows\system32\91859ackt5ol6c5z.cpl
c:\windows\system32\9295roj69z.dll
c:\windows\system32\92d0zownloader1925.dll
c:\windows\system32\9415spz9bot584.dll
c:\windows\system32\943baddwzr52445.bin
c:\windows\system32\943dthze536.dll
c:\windows\system32\9443hackzo5l695.ocx
c:\windows\system32\94564spamboz1b5.dll
c:\windows\system32\94575pyware3z4.bin
c:\windows\system32\94699ha5kzool6f6.dll
c:\windows\system32\9493virus45z.dll
c:\windows\system32\94z9spar5e803.dll
c:\windows\system32\956dthzef3113.cpl
c:\windows\system32\9580h5ckzool77f.dll
c:\windows\system32\959bbaczdoor5197.bin
c:\windows\system32\95back9oorz887.exe
c:\windows\system32\95f6vir2880z.cpl
c:\windows\system32\96854vizus15e.exe
c:\windows\system32\9694vi59s5zb.cpl
c:\windows\system32\9797zac9tool5ea5.bin
c:\windows\system32\98d9thie5935z.bin
c:\windows\system32\993adoznloader5940.exe
c:\windows\system32\995ha9kt5zl7ca.ocx
c:\windows\system32\99a4z5reat19445.dll
c:\windows\system32\9a3aspyw5re2643z.ocx
c:\windows\system32\9b68thr5zt26540.dll
c:\windows\system32\9d49vzr23735.dll
c:\windows\system32\9d5addwar5188z.exe
c:\windows\system32\9e9zdownl5ader2475.exe
c:\windows\system32\9edz5ir461.dll
c:\windows\system32\9z605irus648.exe
c:\windows\system32\b43dow5loader927z.ocx
c:\windows\system32\d76ad9warez4795.dll
c:\windows\system32\d98ad9w5re2z76.exe
c:\windows\system32\d99thrzat15509.bin
c:\windows\system32\dafaddw5re3z509.dll
c:\windows\system32\e50thrzat9401.cpl
c:\windows\system32\z085downloader5689.dll
c:\windows\system32\z1051s5y49b.dll
c:\windows\system32\z118steal9257.dll
c:\windows\system32\z2b8sparse15069.cpl
c:\windows\system32\z359d5wnlo9der310.cpl
c:\windows\system32\z36595py6aa.exe
c:\windows\system32\z4558spy53e9.cpl
c:\windows\system32\z5052spy99.dll
c:\windows\system32\z5059not-a-vir9s508.exe
c:\windows\system32\z6329p5mbot151.dll
c:\windows\system32\z650vi5u93dc.bin
c:\windows\system32\z6966v9r5s385.ocx
c:\windows\system32\z7554virus139.dll
c:\windows\system32\z81dspa5s92015.dll
c:\windows\system32\z81es9eal5465.dll
c:\windows\system32\z94asp9war51134.bin
c:\windows\system32\z9528viru9573.exe
c:\windows\system32\z959downloade9495.dll
c:\windows\system32\z992threat5550.ocx
c:\windows\system32\zbc55tea93260.exe
c:\windows\system32\zbe5addware1976.ocx
c:\windows\system32\zde9spyware995.exe
c:\windows\system32\ze285hief3192.ocx

.
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 07:49 . 2009-07-10 07:49 -------- d-----w- c:\program files\Trend Micro
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 11:28 . 2009-07-09 11:28 6353 ----a-w- c:\windows\55ez9r2.exe
2009-07-07 08:46 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-07 03:24 . 2009-03-25 00:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-07 01:44 . 2009-07-07 01:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 01:44 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\program files\IObit
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit
2009-07-06 14:09 . 2009-07-06 14:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-05 23:11 . 2009-06-27 06:49 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 23:11 . 2009-06-27 06:49 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 23:11 . 2009-06-27 06:49 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 23:11 . 2009-06-27 06:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-05 23:11 . 2009-06-27 06:49 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 23:11 . 2009-06-27 06:49 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-05 23:11 . 2009-06-27 06:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-05 23:11 . 2009-06-27 06:49 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-05 23:11 . 2009-06-27 06:49 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-05 23:09 . 2009-06-27 06:05 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-05 23:09 . 2009-06-27 06:05 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-05 07:08 . 2009-07-05 07:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AIM Toolbar
2009-06-30 05:25 . 2009-06-30 05:25 -------- d-----w- c:\program files\The Adventure Company
2009-06-30 01:49 . 2009-06-30 01:49 -------- d-----w- c:\program files\EA GAMES
2009-06-30 01:49 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-16 04:58 . 2009-06-16 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-15 06:38 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-15 06:38 . 2004-08-04 08:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 12:00 . 2008-11-01 19:40 572396 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-10 12:00 . 2008-11-01 19:40 50884640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-10 10:00 . 2009-04-14 00:14 6 ----a-w- c:\windows\system32\DFI32.dat
2009-07-10 02:11 . 2008-11-12 03:03 -------- d-----w- c:\program files\Steam
2009-07-10 02:09 . 2008-05-12 05:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2009-07-10 02:09 . 2009-01-07 03:34 -------- d-----w- c:\program files\DNA
2009-07-07 09:06 . 2009-03-12 23:25 -------- d-----w- c:\program files\Nexon
2009-07-07 01:44 . 2009-04-13 08:03 -------- d-----w- c:\program files\Lavasoft
2009-07-07 01:44 . 2008-06-30 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-07 01:37 . 2008-12-21 09:29 -------- d-----w- c:\program files\RegistryFix7
2009-07-06 22:16 . 2009-07-07 00:06 2789888 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-06 11:14 . 2007-12-31 09:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-07-05 23:10 . 2008-11-01 19:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 09:36 . 2009-01-07 03:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2009-06-30 05:30 . 2009-06-30 05:32 2970112 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-30 05:30 . 2009-06-30 05:32 1797632 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-27 06:49 . 2008-11-01 19:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 06:49 . 2008-11-01 19:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 01:25 . 2008-01-12 07:34 -------- d-----w- c:\program files\DScaler
2009-06-24 23:39 . 2008-07-19 11:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2009-06-06 22:02 . 2008-11-01 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-04 05:52 . 2008-01-01 03:07 -------- d-----w- c:\program files\ArtMoney
2009-06-01 00:15 . 2009-01-14 07:15 4920139 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-26 14:47 . 2009-05-26 03:13 180 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-26 03:13 . 2009-05-26 03:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-05-17 11:10 . 2007-12-01 22:30 -------- d-----w- c:\program files\Warcraft III
2009-05-13 01:40 . 2009-05-13 01:40 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-05-11 00:33 . 2008-11-01 19:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 23:46 . 2009-05-10 23:46 1144808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
2009-05-10 23:39 . 2009-05-10 23:40 124928 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-05-10 02:25 . 2009-05-10 02:26 2866688 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-05-02 01:35 . 2009-05-02 01:35 3116 ----a-w- c:\windows\system32\HWTablet.bin
2009-04-14 23:08 . 2007-12-01 22:34 98938 ----a-w- c:\windows\War3Unin.dat
2009-04-14 15:06 . 2006-08-24 19:49 78232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 08:56 . 2009-04-14 08:57 2860544 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-04-14 07:56 . 2009-04-14 07:56 4096 ----a-w- c:\windows\d3dx.dat
2009-04-12 03:57 . 2009-04-12 03:51 35762 ----a-w- c:\windows\DIIUnin.dat
2009-04-12 03:56 . 2009-04-12 03:56 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-04-12 03:56 . 2009-04-12 03:56 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-04-12 03:56 . 2009-04-12 03:56 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-04-12 03:51 . 2009-04-12 03:51 2829 ----a-w- c:\windows\DIIUnin.pif
2009-04-12 03:51 . 2009-04-12 03:51 94208 ----a-w- c:\windows\DIIUnin.exe
2009-04-12 03:40 . 2009-03-01 20:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2008-03-13 01:42 . 2008-03-13 01:41 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-24 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-24 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 06:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hanvon Shell.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hanvon Shell.lnk
backup=c:\windows\pss\Hanvon Shell.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"WmiApSrv"=3 (0x3)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"usprserv"=3 (0x3)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UMWdf"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"SSDPSRV"=2 (0x2)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ShellHWDetection"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NSCService"=3 (0x3)
"npkcmsvc"=2 (0x2)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MS NetConfig"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MHN"=3 (0x3)
"McrdSvc"=2 (0x2)
"LmHosts"=2 (0x2)
"LightScribeService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"HWSuperPowerTablet"=2 (0x2)
"HTTPFilter"=3 (0x3)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ELService"=2 (0x2)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"DcomLaunch"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"comHost"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=3 (0x3)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"59059:TCP"= 59059:TCP:Pando Media Booster
"59059:UDP"= 59059:UDP:Pando Media Booster

R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [5/1/2009 5:35 PM 10548]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 nubnq;nubnq;c:\windows\system32\drivers\fyvtvrn.sys --> c:\windows\system32\drivers\fyvtvrn.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/1/2008 11:37 AM 335752]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/1/2008 11:37 AM 108552]
S2 asikneud;asikneud;c:\windows\system32\drivers\vldqju.sys --> c:\windows\system32\drivers\vldqju.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/1/2008 11:37 AM 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/1/2008 11:37 AM 298776]
S2 cgqobbl;cgqobbl;c:\windows\system32\drivers\pdowooz.sys --> c:\windows\system32\drivers\pdowooz.sys [?]
S2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\jwpen.exe [5/1/2009 5:35 PM 225280]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 11:06 AM 951632]
S2 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe [4/2/2009 1:30 AM 167987]
S2 poei;poei;c:\windows\system32\drivers\xtiwbq.sys --> c:\windows\system32\drivers\xtiwbq.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/1/2007 1:56 PM 24652]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva231;XDva231;\??\c:\windows\system32\XDva231.sys --> c:\windows\system32\XDva231.sys [?]
S3 XDva234;XDva234;\??\c:\windows\system32\XDva234.sys --> c:\windows\system32\XDva234.sys [?]
S3 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - HYCtl
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-07-06 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 12:08]

2009-07-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

2009-07-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\n43x4fhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 05:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1323339851-1466613017-3173419613-1007\Software\SecuROM\License information*]
"datasecu"=hex:32,07,3c,99,f9,4d,43,28,b2,3c,a5,92,82,a1,9a,ad,70,c3,b0,18,cc,
33,37,5e,8e,ef,74,0b,f9,c9,1b,ca,15,5f,1a,98,01,3e,f3,36,37,ee,9b,f3,35,ce,\
"rkeysecu"=hex:c0,12,cd,fc,fe,3c,e5,2c,42,34,f2,67,a9,f1,1c,05
.
Completion time: 2009-07-10 5:35
ComboFix-quarantined-files.txt 2009-07-10 13:35
ComboFix2.txt 2009-07-10 12:35
ComboFix3.txt 2009-07-10 10:16

Pre-Run: 132,303,896,576 bytes free
Post-Run: 132,274,843,648 bytes free

614


I ran them a third time because my computer still wasn't starting up properly, so I disconnected my internet and ran Safe Mode.
As of a few hours ago the problems still weren't fixed, so I ran them a 4th time. Then I ran msconfig, checked all the Services that loaded on startup and deselected the ones that were labeled as being from an "Unknown" manufacturer. I managed to get on my computer and internet after this.


mbam Fourth scan

Malwarebytes' Anti-Malware 1.38
Database version: 2402
Windows 5.1.2600 Service Pack 2

7/10/2009 10:46:17 AM
mbam-log-2009-07-10 (10-46-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 293731
Time elapsed: 1 hour(s), 14 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix Fourth scan

ComboFix 09-07-09.07 - HP_Administrator 07/10/2009 11:18.4.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1754 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 07:49 . 2009-07-10 07:49 -------- d-----w- c:\program files\Trend Micro
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 06:38 . 2009-07-10 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 11:28 . 2009-07-09 11:28 6353 ----a-w- c:\windows\55ez9r2.exe
2009-07-07 03:24 . 2009-03-25 00:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-07 01:44 . 2009-07-10 13:54 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 01:44 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\program files\IObit
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit
2009-07-06 14:09 . 2009-07-06 14:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-05 23:11 . 2009-06-27 06:49 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 23:11 . 2009-06-27 06:49 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 23:11 . 2009-06-27 06:49 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 23:11 . 2009-06-27 06:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-05 23:11 . 2009-06-27 06:49 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 23:11 . 2009-06-27 06:49 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-05 23:11 . 2009-06-27 06:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-05 23:11 . 2009-06-27 06:49 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-05 23:11 . 2009-06-27 06:49 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-05 23:09 . 2009-06-27 06:05 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-05 23:09 . 2009-06-27 06:05 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-05 07:08 . 2009-07-05 07:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AIM Toolbar
2009-06-30 05:25 . 2009-06-30 05:25 -------- d-----w- c:\program files\The Adventure Company
2009-06-30 01:49 . 2009-06-30 01:49 -------- d-----w- c:\program files\EA GAMES
2009-06-30 01:49 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-16 04:58 . 2009-06-16 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-15 06:38 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-15 06:38 . 2004-08-04 08:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 19:01 . 2008-11-01 19:40 572540 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-10 19:01 . 2008-11-01 19:40 50884640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-10 13:53 . 2009-04-13 08:03 -------- d-----w- c:\program files\Lavasoft
2009-07-10 13:53 . 2008-06-30 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-10 13:46 . 2009-07-10 13:46 -------- d-----w- c:\program files\Cobian Backup 9
2009-07-10 10:00 . 2009-04-14 00:14 6 ----a-w- c:\windows\system32\DFI32.dat
2009-07-10 02:11 . 2008-11-12 03:03 -------- d-----w- c:\program files\Steam
2009-07-10 02:09 . 2008-05-12 05:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2009-07-10 02:09 . 2009-01-07 03:34 -------- d-----w- c:\program files\DNA
2009-07-07 09:06 . 2009-03-12 23:25 -------- d-----w- c:\program files\Nexon
2009-07-07 01:37 . 2008-12-21 09:29 -------- d-----w- c:\program files\RegistryFix7
2009-07-06 22:16 . 2009-07-07 00:06 2789888 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-06 11:14 . 2007-12-31 09:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-07-05 23:10 . 2008-11-01 19:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 09:36 . 2009-01-07 03:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2009-06-30 05:30 . 2009-06-30 05:32 2970112 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-30 05:30 . 2009-06-30 05:32 1797632 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-27 06:49 . 2008-11-01 19:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 06:49 . 2008-11-01 19:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 01:25 . 2008-01-12 07:34 -------- d-----w- c:\program files\DScaler
2009-06-24 23:39 . 2008-07-19 11:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2009-06-06 22:02 . 2008-11-01 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-04 05:52 . 2008-01-01 03:07 -------- d-----w- c:\program files\ArtMoney
2009-06-01 00:15 . 2009-01-14 07:15 4920139 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-26 14:47 . 2009-05-26 03:13 180 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-26 03:13 . 2009-05-26 03:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-05-17 11:10 . 2007-12-01 22:30 -------- d-----w- c:\program files\Warcraft III
2009-05-13 01:40 . 2009-05-13 01:40 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-05-11 00:33 . 2008-11-01 19:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 23:46 . 2009-05-10 23:46 1144808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
2009-05-10 23:39 . 2009-05-10 23:40 124928 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-05-10 02:25 . 2009-05-10 02:26 2866688 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-05-02 01:35 . 2009-05-02 01:35 3116 ----a-w- c:\windows\system32\HWTablet.bin
2009-04-14 23:08 . 2007-12-01 22:34 98938 ----a-w- c:\windows\War3Unin.dat
2009-04-14 15:06 . 2006-08-24 19:49 78232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 08:56 . 2009-04-14 08:57 2860544 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-04-14 07:56 . 2009-04-14 07:56 4096 ----a-w- c:\windows\d3dx.dat
2009-04-12 03:57 . 2009-04-12 03:51 35762 ----a-w- c:\windows\DIIUnin.dat
2009-04-12 03:56 . 2009-04-12 03:56 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-04-12 03:56 . 2009-04-12 03:56 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-04-12 03:56 . 2009-04-12 03:56 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-04-12 03:51 . 2009-04-12 03:51 2829 ----a-w- c:\windows\DIIUnin.pif
2009-04-12 03:51 . 2009-04-12 03:51 94208 ----a-w- c:\windows\DIIUnin.exe
2009-04-12 03:40 . 2009-03-01 20:38 73216 ----a-w- c:\windows\ST6UNST.EXE
2008-03-13 01:42 . 2008-03-13 01:41 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System\msconfig.exe" [2008-07-02 145408]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-24 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-24 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 06:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hanvon Shell.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hanvon Shell.lnk
backup=c:\windows\pss\Hanvon Shell.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"59059:TCP"= 59059:TCP:Pando Media Booster
"59059:UDP"= 59059:UDP:Pando Media Booster

R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [5/1/2009 5:35 PM 10548]
S0 nubnq;nubnq;c:\windows\system32\drivers\fyvtvrn.sys --> c:\windows\system32\drivers\fyvtvrn.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/1/2008 11:37 AM 335752]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/1/2008 11:37 AM 108552]
S2 asikneud;asikneud;c:\windows\system32\drivers\vldqju.sys --> c:\windows\system32\drivers\vldqju.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/1/2008 11:37 AM 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/1/2008 11:37 AM 298776]
S2 cgqobbl;cgqobbl;c:\windows\system32\drivers\pdowooz.sys --> c:\windows\system32\drivers\pdowooz.sys [?]
S2 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\jwpen.exe [5/1/2009 5:35 PM 225280]
S2 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe [4/2/2009 1:30 AM 167987]
S2 poei;poei;c:\windows\system32\drivers\xtiwbq.sys --> c:\windows\system32\drivers\xtiwbq.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/1/2007 1:56 PM 24652]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva231;XDva231;\??\c:\windows\system32\XDva231.sys --> c:\windows\system32\XDva231.sys [?]
S3 XDva234;XDva234;\??\c:\windows\system32\XDva234.sys --> c:\windows\system32\XDva234.sys [?]
S3 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - MDMXSDK
*Deregistered* - HYCtl
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 12:08]

2009-07-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

2009-07-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\n43x4fhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 11:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1323339851-1466613017-3173419613-1007\Software\SecuROM\License information*]
"datasecu"=hex:32,07,3c,99,f9,4d,43,28,b2,3c,a5,92,82,a1,9a,ad,70,c3,b0,18,cc,
33,37,5e,8e,ef,74,0b,f9,c9,1b,ca,15,5f,1a,98,01,3e,f3,36,37,ee,9b,f3,35,ce,\
"rkeysecu"=hex:c0,12,cd,fc,fe,3c,e5,2c,42,34,f2,67,a9,f1,1c,05
.
Completion time: 2009-07-10 11:37
ComboFix-quarantined-files.txt 2009-07-10 19:37
ComboFix2.txt 2009-07-10 13:35
ComboFix3.txt 2009-07-10 12:35
ComboFix4.txt 2009-07-10 10:16

Pre-Run: 132,538,839,040 bytes free
Post-Run: 132,511,784,960 bytes free

266


An Internet Explorer icon keeps appearing on my desktop after ComboFix finishes.

Edited by DragonXZero, 10 July 2009 - 02:40 PM.


#7 DragonXZero (Topic Starter)

Posted 10 July 2009 - 03:48 PM

My internet connectivity is also being limited now. I can only use it for 5 - 10 minutes before it stops working for some reason and I have to restart.

#8 fenzodahl512

Posted 10 July 2009 - 11:46 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
nubnq
asikneud
cgqobbl
poei
COMHOST
MDMXSDK

File::
c:\windows\55ez9r2.exe
c:\windows\System\msconfig.exe
c:\windows\system32\drivers\fyvtvrn.sys
c:\windows\system32\drivers\vldqju.sys
c:\windows\system32\drivers\pdowooz.sys
c:\windows\system32\drivers\xtiwbq.sys

Folder::
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
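One way to see how the Driver:: and File:: lines of that CFScript are derived from the ComboFix log: an added Python triage helper (not ComboFix's code and not from this thread) that parses the service/driver lines quoted earlier and flags entries whose binary ComboFix could not verify ("--> path [?]") or whose name is lowercase letter soup reused as its own display name. The sample log is constructed from the lines the topic starter posted; the scoring rules are my own heuristics, not ComboFix's.

```python
"""ComboFix service/driver triage (added example; not ComboFix's code nor from this thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# ComboFix prints one line per service/driver in two shapes:
#   <R|S><start> name;display;<path> [<date> <time> <size>]   file was found and stat'ed
#   <R|S><start> name;display;<path> --> <path> [?]           file could not be verified
LINE_RE = re.compile(r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
MISSING_RE = re.compile(r'^(?P<path>.+?)\s+-->\s+.+?\s+\[\?\]$')
PRESENT_RE = re.compile(r'^(?P<path>.+?)\s+\[(?P<stamp>[^\]]+)\]$')

# Constructed sample: driver/service lines copied from the topic starter's ComboFix log.
SAMPLE_LOG = r"""
R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [5/1/2009 5:35 PM 10548]
S0 nubnq;nubnq;c:\windows\system32\drivers\fyvtvrn.sys --> c:\windows\system32\drivers\fyvtvrn.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/1/2008 11:37 AM 335752]
S2 asikneud;asikneud;c:\windows\system32\drivers\vldqju.sys --> c:\windows\system32\drivers\vldqju.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/1/2008 11:37 AM 907032]
S2 cgqobbl;cgqobbl;c:\windows\system32\drivers\pdowooz.sys --> c:\windows\system32\drivers\pdowooz.sys [?]
S2 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe [4/2/2009 1:30 AM 167987]
S2 poei;poei;c:\windows\system32\drivers\xtiwbq.sys --> c:\windows\system32\drivers\xtiwbq.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
"""


@dataclass
class Entry:
    state: str            # 'R' = running, 'S' = stopped
    start: int            # start type: 0 boot, 1 system, 2 auto, 3 on demand, 4 disabled
    name: str
    display: str
    path: str
    present: bool         # False when ComboFix printed "--> path [?]"
    stamp: Optional[str] = None


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]

    @property
    def score(self) -> int:
        return len(self.reasons)


def parse_log(text: str) -> List[Entry]:
    """Parse every ComboFix service/driver line in the text; ignore everything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m['rest']
        mm = MISSING_RE.match(rest)
        if mm:
            entries.append(Entry(m['state'], int(m['start']), m['name'], m['display'], mm['path'], False))
            continue
        mp = PRESENT_RE.match(rest)
        if mp:
            entries.append(Entry(m['state'], int(m['start']), m['name'], m['display'], mp['path'], True, mp['stamp']))
    return entries


RANDOM_NAME_RE = re.compile(r'[a-z]{4,}')


def reasons_for(e: Entry) -> List[str]:
    """Heuristic signals (my own, not ComboFix's). Each one alone is weak; see avg8wd below."""
    reasons = []
    if not e.present:
        reasons.append('binary could not be verified on disk ("--> path [?]")')
    if RANDOM_NAME_RE.fullmatch(e.name) and e.display == e.name:
        reasons.append('lowercase letter-soup service name reused as its own display name')
    return reasons


def triage(text: str) -> List[Finding]:
    """Return only entries with at least one signal, in log order."""
    return [Finding(e, r) for e in parse_log(text) if (r := reasons_for(e))]


def _clean_path(path: str) -> str:
    # ComboFix shows some drivers with the NT object prefix \??\; a CFScript wants the plain path.
    return path[4:] if path.startswith('\\??\\') else path


def cfscript_sections(findings: List[Finding], min_score: int = 2) -> str:
    """Emit the Driver:: and File:: sections for entries that tripped at least min_score signals."""
    hits = [f.entry for f in findings if f.score >= min_score]
    if not hits:
        return ''
    drivers = '\n'.join(e.name for e in hits)
    files = '\n'.join(_clean_path(e.path) for e in hits)
    return f'Driver::\n{drivers}\n\nFile::\n{files}\n'


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.entry.state}{f.entry.start} {f.entry.name:<10} score={f.score}  ' + '; '.join(f.reasons))
    # avg8wd (AVG's WatchDog) scores 1 only because its progra~1 short path was not resolved,
    # which is why a single signal is not enough to land an entry in the CFScript.
    print()
    print(cfscript_sections(triage(SAMPLE_LOG)))
```

With the sample log the two-signal entries are exactly the four names the helper put in the Driver:: block; XDva224 and avg8wd score 1 and stay out.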


#9 DragonXZero (Topic Starter)

Posted 11 July 2009 - 01:57 AM

Log for ComboFix

ComboFix 09-07-09.08 - HP_Administrator 07/10/2009 23:20.7.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1577 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\55ez9r2.exe"
"c:\windows\System\msconfig.exe"
"c:\windows\system32\drivers\fyvtvrn.sys"
"c:\windows\system32\drivers\pdowooz.sys"
"c:\windows\system32\drivers\vldqju.sys"
"c:\windows\system32\drivers\xtiwbq.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.dat
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.lan
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.msi
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.par
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.res
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\instance.dat
c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\mia.lib
c:\windows\55ez9r2.exe
c:\windows\System\msconfig.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASIKNEUD
-------\Legacy_CGQOBBL
-------\Legacy_COMHOST
-------\Legacy_POEI
-------\Service_??????????????????????


((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-10 13:46 . 2009-07-10 13:46 -------- d-----w- c:\program files\Cobian Backup 9
2009-07-10 07:49 . 2009-07-10 07:49 -------- d-----w- c:\program files\Trend Micro
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 06:38 . 2009-07-10 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-07 03:24 . 2009-03-25 00:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\program files\IObit
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit
2009-07-06 14:09 . 2009-07-06 14:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-05 23:11 . 2009-06-27 06:49 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 23:11 . 2009-06-27 06:49 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 23:11 . 2009-06-27 06:49 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 23:11 . 2009-06-27 06:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-05 23:11 . 2009-06-27 06:49 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 23:11 . 2009-06-27 06:49 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-05 23:11 . 2009-06-27 06:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-05 23:11 . 2009-06-27 06:49 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-05 23:11 . 2009-06-27 06:49 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-05 23:09 . 2009-06-27 06:05 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-05 23:09 . 2009-06-27 06:05 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-05 07:08 . 2009-07-05 07:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AIM Toolbar
2009-06-30 05:25 . 2009-06-30 05:25 -------- d-----w- c:\program files\The Adventure Company
2009-06-30 01:49 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-16 04:58 . 2009-06-16 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-15 06:38 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-15 06:38 . 2004-08-04 08:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 07:34 . 2008-11-01 19:40 582308 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-11 07:34 . 2008-11-01 19:40 50884640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-11 01:08 . 2008-11-01 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-10 23:06 . 2009-04-14 00:14 6 ----a-w- c:\windows\system32\DFI32.dat
2009-07-10 22:02 . 2008-01-01 03:07 -------- d-----w- c:\program files\ArtMoney
2009-07-10 20:12 . 2009-01-14 07:15 6179321 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-07-10 20:01 . 2009-04-12 05:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2009-07-10 13:53 . 2009-04-13 08:03 -------- d-----w- c:\program files\Lavasoft
2009-07-10 13:53 . 2008-06-30 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-10 02:11 . 2008-11-12 03:03 -------- d-----w- c:\program files\Steam
2009-07-10 02:09 . 2008-05-12 05:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2009-07-10 02:09 . 2009-01-07 03:34 -------- d-----w- c:\program files\DNA
2009-07-07 09:06 . 2009-03-12 23:25 -------- d-----w- c:\program files\Nexon
2009-07-07 01:37 . 2008-12-21 09:29 -------- d-----w- c:\program files\RegistryFix7
2009-07-06 22:16 . 2009-07-07 00:06 2789888 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-06 11:14 . 2007-12-31 09:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-07-05 23:10 . 2008-11-01 19:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 09:36 . 2009-01-07 03:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2009-06-30 05:30 . 2009-06-30 05:32 2970112 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-30 05:30 . 2009-06-30 05:32 1797632 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-27 06:49 . 2008-11-01 19:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 06:49 . 2008-11-01 19:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 01:25 . 2008-01-12 07:34 -------- d-----w- c:\program files\DScaler
2009-06-24 23:39 . 2008-07-19 11:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2009-05-26 14:47 . 2009-05-26 03:13 180 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-26 03:13 . 2009-05-26 03:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-05-17 11:10 . 2007-12-01 22:30 -------- d-----w- c:\program files\Warcraft III
2009-05-13 01:40 . 2009-05-13 01:40 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-05-11 00:33 . 2008-11-01 19:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 23:46 . 2009-05-10 23:46 1144808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
2009-05-10 23:39 . 2009-05-10 23:40 124928 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2009-05-10 02:25 . 2009-05-10 02:26 2866688 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2009-05-02 01:35 . 2009-05-02 01:35 3116 ----a-w- c:\windows\system32\HWTablet.bin
2009-04-14 23:08 . 2007-12-01 22:34 98938 ----a-w- c:\windows\War3Unin.dat
2009-04-14 15:06 . 2006-08-24 19:49 78232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 08:56 . 2009-04-14 08:57 2860544 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2009-04-14 07:56 . 2009-04-14 07:56 4096 ----a-w- c:\windows\d3dx.dat
2008-03-13 01:42 . 2008-03-13 01:41 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-10_10.03.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-01 22:27 . 2009-07-10 21:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-12-01 22:27 . 2009-07-06 07:26 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-24 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-24 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 06:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hanvon Shell.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hanvon Shell.lnk
backup=c:\windows\pss\Hanvon Shell.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"npkcmsvc"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"ose"=3 (0x3)
"NSCService"=3 (0x3)
"usnjsvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"HWSuperPowerTablet"=2 (0x2)
"MS NetConfig"=2 (0x2)
"SNDSrvc"=3 (0x3)
"comHost"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"59059:TCP"= 59059:TCP:Pando Media Booster
"59059:UDP"= 59059:UDP:Pando Media Booster

R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [5/1/2009 5:35 PM 10548]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/1/2008 11:37 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/1/2008 11:37 AM 108552]
S0 nubnq;nubnq;c:\windows\system32\drivers\fyvtvrn.sys --> c:\windows\system32\drivers\fyvtvrn.sys [?]
S2 asikneud;asikneud;c:\windows\system32\drivers\vldqju.sys --> c:\windows\system32\drivers\vldqju.sys [?]
S2 cgqobbl;cgqobbl;c:\windows\system32\drivers\pdowooz.sys --> c:\windows\system32\drivers\pdowooz.sys [?]
S2 poei;poei;c:\windows\system32\drivers\xtiwbq.sys --> c:\windows\system32\drivers\xtiwbq.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva231;XDva231;\??\c:\windows\system32\XDva231.sys --> c:\windows\system32\XDva231.sys [?]
S3 XDva234;XDva234;\??\c:\windows\system32\XDva234.sys --> c:\windows\system32\XDva234.sys [?]
S3 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\JWPEN.exe --> c:\windows\system32\JWPEN.exe [?]
S4 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe --> c:\windows\system32\mscfg32.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/1/2007 1:56 PM 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - HYCtl
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 12:08]

2009-07-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

2009-07-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\n43x4fhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 23:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1323339851-1466613017-3173419613-1007\Software\SecuROM\License information*]
"datasecu"=hex:32,07,3c,99,f9,4d,43,28,b2,3c,a5,92,82,a1,9a,ad,70,c3,b0,18,cc,
33,37,5e,8e,ef,74,0b,f9,c9,1b,ca,15,5f,1a,98,01,3e,f3,36,37,ee,9b,f3,35,ce,\
"rkeysecu"=hex:c0,12,cd,fc,fe,3c,e5,2c,42,34,f2,67,a9,f1,1c,05
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-11 23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 07:46
ComboFix2.txt 2009-07-11 02:17
ComboFix3.txt 2009-07-11 02:06
ComboFix4.txt 2009-07-10 19:37
ComboFix5.txt 2009-07-11 07:19

Pre-Run: 136,226,172,928 bytes free
Post-Run: 136,194,052,096 bytes free

322

#10 DragonXZero (Topic Starter)
  • Members
  • 13 posts

Posted 11 July 2009 - 02:59 AM

How do I change my startup settings now that msconfig is gone?

#11 fenzodahl512
  • Members
  • 6,738 posts

Posted 11 July 2009 - 04:23 AM

How do I change my startup settings now that msconfig is gone?


What do you mean by that? Can you use the Start >> Run >> msconfig thingy?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 DragonXZero (Topic Starter)
  • Members
  • 13 posts

Posted 11 July 2009 - 04:46 AM

Nah, didn't the file you told me to save make ComboFix delete msconfig?
It said in the most current log that c:\windows\System\msconfig.exe was one of the deletions made.

Should I get hotfix KB943232 from microsoft.com?
This was probably a bad idea but I started looking around the net for my problem and I came across this.

http://forums.whatthetech.com/Internet_sto...tes_t93441.html

I pinged using cmd like it said and continued to get results while Instant messenger programs still worked. I took the suggestion that the gerbus guy gave and checked ZoneAlarm out just in case. After I tried uninstalling it... something popped up about internet access being blocked... and I was able to use my internet again. However, when I tried reinstalling ZoneAlarm it said that hotfix KB943232 was missing. And I looked that up and I think it has something to do with msconfig?

#13 DragonXZero (Topic Starter)
  • Members
  • 13 posts

Posted 11 July 2009 - 04:48 AM

The exact message is... it kinda pops up every now and then

ZoneAlarm Security Alert

Protected

The firewall has blocked Internet access to your Computer (TCP Port 23881) from 83.58.86.98 (TCP Port 22419)[TCP Flag: S].

I thought I uninstalled ZoneAlarm though...


Now it just said

ZoneAlarm Security Alert

Protected

The firewall has blocked Internet access to your computer (UDP Port 1434) from 61.143.64.22 (UDP Port 1994)

I wonder who the random Guest I see reading this is.


I'm just going to disconnect my internet completely again and read this topic from another computer.

Edited by DragonXZero, 11 July 2009 - 05:04 AM.
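Both alerts quoted in the post above are "Protected" messages, meaning ZoneAlarm dropped an inbound packet; the question for the person reading them is only whether any follow-up is needed. This added example (not code from the thread or from ZoneAlarm) parses alert bodies of that exact shape and assigns a defender-oriented triage category; the sample alerts are reproduced from the post, and the field names, port table and categories are this example's own.

```python
"""Parse and triage ZoneAlarm "Protected" firewall alerts (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample alert bodies, constructed from the two messages quoted in the post.
SAMPLE_ALERTS: List[str] = [
    "The firewall has blocked Internet access to your Computer "
    "(TCP Port 23881) from 83.58.86.98 (TCP Port 22419)[TCP Flag: S].",
    "The firewall has blocked Internet access to your computer "
    "(UDP Port 1434) from 61.143.64.22 (UDP Port 1994)",
]

# One regex for both variants: the TCP form carries a trailing "[TCP Flag: S]",
# the UDP form does not. Case-insensitive because the alert text varies in case.
ALERT_RE = re.compile(
    r"The firewall has blocked Internet access to your computer\s*"
    r"\((?P<proto>TCP|UDP) Port (?P<dport>\d{1,5})\) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\((?P=proto) Port (?P<sport>\d{1,5})\)"
    r"(?:\s*\[TCP Flag: (?P<flags>[A-Z]+)\])?",
    re.IGNORECASE,
)

# Partial, constructed table of service ports that internet-wide scanners and
# worms probe constantly (IANA assignments; 1434/udp is the SQL Slammer port).
KNOWN_PORTS: Dict[Tuple[str, int], str] = {
    ("UDP", 1434): "ms-sql-m (SQL Server Browser; classic SQL Slammer probe)",
    ("TCP", 1433): "ms-sql-s",
    ("TCP", 135): "msrpc",
    ("TCP", 139): "netbios-ssn",
    ("TCP", 445): "microsoft-ds (SMB)",
    ("TCP", 3389): "ms-wbt-server (RDP)",
    ("TCP", 23): "telnet",
    ("TCP", 22): "ssh",
}


@dataclass(frozen=True)
class BlockedConnection:
    proto: str            # "TCP" or "UDP"
    dport: int            # local port the remote host tried to reach
    src: str              # remote IPv4 address
    sport: int            # remote source port
    flags: Optional[str]  # TCP flags from the alert, e.g. "S"; None for UDP


def parse_alert(text: str) -> Optional[BlockedConnection]:
    """Return the fields of one alert body, or None if it does not match."""
    m = ALERT_RE.search(text)
    if not m:
        return None
    return BlockedConnection(
        proto=m.group("proto").upper(),
        dport=int(m.group("dport")),
        src=m.group("src"),
        sport=int(m.group("sport")),
        flags=m.group("flags").upper() if m.group("flags") else None,
    )


def triage(conn: BlockedConnection) -> Dict[str, str]:
    """Classify a blocked *inbound* connection from a defender's viewpoint.

    A "Protected" alert means the firewall already dropped the packet, so
    nothing got in; inbound noise like this is not evidence of infection.
    Outbound attempts by unknown local programs would be the ones to chase.
    """
    service = KNOWN_PORTS.get((conn.proto, conn.dport))
    if service is not None:
        category = f"probe of a known service port: {service}"
        note = "Routine background scanning; leave the firewall on, nothing else to do."
        severity = "info"
    elif conn.proto == "TCP" and conn.flags == "S" and conn.dport >= 1024:
        category = "unsolicited SYN to an ephemeral local port"
        note = "No service listens here; typically a stale P2P/IM peer or a scan."
        severity = "info"
    elif conn.proto == "TCP" and conn.dport >= 1024:
        category = "non-SYN TCP segment to an ephemeral port"
        note = "Usually a late reply to a connection this host already closed."
        severity = "info"
    else:
        category = "packet to a low port with no service mapping in the table"
        note = "Check whether any local program listens on that port."
        severity = "review"
    return {"source": conn.src, "category": category, "severity": severity, "note": note}


def triage_all(texts: List[str]) -> List[Dict[str, str]]:
    """Parse and triage a batch of alert bodies, skipping lines that do not parse."""
    results = []
    for text in texts:
        conn = parse_alert(text)
        if conn is not None:
            results.append(triage(conn))
    return results


if __name__ == "__main__":
    for r in triage_all(SAMPLE_ALERTS):
        print(f"[{r['severity']}] {r['source']}: {r['category']}\n    {r['note']}")
```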


#14 fenzodahl512
  • Members
  • 6,738 posts

Posted 11 July 2009 - 07:08 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
nubnq
asikneud
cgqobbl
poei

FCopy::
C:\Qoobox\Quarantine\C\WINDOWS\System\msconfig.exe | c:\windows\System\msconfig.exe

Rootkit::
c:\windows\system32\drivers\fyvtvrn.sys
c:\windows\system32\drivers\vldqju.sys
c:\windows\system32\drivers\pdowooz.sys
c:\windows\system32\drivers\xtiwbq.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: dragging CFScript.txt onto ComboFix.exe]


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by fenzodahl512, 11 July 2009 - 07:09 AM.

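The CFScript above is a plain-text file of `Name::` directives, each followed by its entries. As an added example (not part of the thread and not ComboFix's own code), the checker below parses a script of that shape and sanity-checks it before it is dropped onto ComboFix.exe; the directive meanings in the comments reflect common ComboFix usage, and the consistency checks, in particular that an FCopy:: source under C:\Qoobox\Quarantine mirrors its destination path, are this example's own.

```python
"""Parse a ComboFix CFScript and sanity-check it before running it (added example)."""
import ntpath
from collections import OrderedDict
from typing import Dict, List, Optional

# The script posted in the thread, embedded here as the sample input.
SAMPLE_SCRIPT = r"""
KillAll::

Driver::
nubnq
asikneud
cgqobbl
poei

FCopy::
C:\Qoobox\Quarantine\C\WINDOWS\System\msconfig.exe | c:\windows\System\msconfig.exe

Rootkit::
c:\windows\system32\drivers\fyvtvrn.sys
c:\windows\system32\drivers\vldqju.sys
c:\windows\system32\drivers\pdowooz.sys
c:\windows\system32\drivers\xtiwbq.sys
"""

# Directives this checker understands (the ones used in the thread); the
# descriptions follow common ComboFix usage and are not quoted from the tool.
KNOWN_DIRECTIVES = {
    "KillAll": "terminate running processes before the script is applied",
    "Driver": "delete the named services/drivers",
    "FCopy": "copy 'source | destination' (here: restore a file from quarantine)",
    "Rootkit": "remove the listed rootkit files",
}

# ComboFix keeps quarantined files under this folder, mirroring the original path.
QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\"


def parse_cfscript(text: str) -> "OrderedDict[str, List[str]]":
    """Split a CFScript into {directive: [entries]}, preserving order.

    A directive line is 'Name::'; entries that follow belong to it until the
    next directive. Blank lines are ignored.
    """
    sections: "OrderedDict[str, List[str]]" = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        sections[current].append(line)
    return sections


def quarantine_mirror(dest: str) -> Optional[str]:
    """Path where the quarantined copy of dest would live: the drive letter
    becomes a folder under QUARANTINE_ROOT (c:\\x.exe -> ...\\C\\x.exe)."""
    drive, rest = ntpath.splitdrive(dest)
    if len(drive) != 2 or drive[1] != ":":
        return None
    return QUARANTINE_ROOT + drive[0].upper() + rest


def review(sections: Dict[str, List[str]]) -> List[str]:
    """Return human-readable findings; an empty list means no concerns."""
    findings = []
    for name in sections:
        if name not in KNOWN_DIRECTIVES:
            findings.append(f"unknown directive '{name}::' (typo?)")
    for entry in sections.get("FCopy", []):
        parts = [p.strip() for p in entry.split("|")]
        if len(parts) != 2 or not all(parts):
            findings.append(f"FCopy entry is not 'source | destination': {entry!r}")
            continue
        src, dest = parts
        if src.lower().startswith(QUARANTINE_ROOT.lower()):
            expected = quarantine_mirror(dest)
            if expected is None:
                findings.append(f"FCopy destination lacks a drive letter: {dest}")
            elif src.lower() != expected.lower():
                findings.append(f"FCopy restores {src} to {dest}, but the quarantine "
                                f"copy of that path would be {expected}")
    for entry in sections.get("Rootkit", []):
        if not entry.lower().endswith(".sys"):
            findings.append(f"Rootkit entry is not a .sys driver file: {entry}")
    if "Driver" in sections and not sections["Driver"]:
        findings.append("Driver:: directive has no entries")
    return findings


def summarize(sections: Dict[str, List[str]]) -> Dict[str, int]:
    """Entry count per directive, e.g. {'KillAll': 0, 'Driver': 4, ...}."""
    return {name: len(entries) for name, entries in sections.items()}


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    print(summarize(parsed))
    print(review(parsed) or ["no concerns"])
```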


#15 DragonXZero (Topic Starter)
  • Members
  • 13 posts

Posted 11 July 2009 - 07:58 AM

ComboFix log

ComboFix 09-07-09.08 - HP_Administrator 07/11/2009 5:30.8.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1540 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_asikneud
-------\Service_cgqobbl
-------\Service_nubnq
-------\Service_poei


((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 12:11 . 2009-02-16 08:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-07-11 12:11 . 2009-02-16 08:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-07-11 12:11 . 2009-02-16 08:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-07-11 12:07 . 2009-07-11 12:07 -------- d-----w- c:\program files\Zone Labs
2009-07-10 13:46 . 2009-07-10 13:46 -------- d-----w- c:\program files\Cobian Backup 9
2009-07-10 07:49 . 2009-07-10 07:49 -------- d-----w- c:\program files\Trend Micro
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-10 06:38 . 2009-07-10 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-10 06:38 . 2009-07-10 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-10 06:38 . 2009-06-17 19:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-07 03:24 . 2009-03-25 00:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\program files\IObit
2009-07-07 01:34 . 2009-07-07 01:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IObit
2009-07-06 14:09 . 2009-07-06 14:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-05 23:11 . 2009-06-27 06:49 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 23:11 . 2009-06-27 06:49 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-05 23:11 . 2009-06-27 06:49 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 23:11 . 2009-06-27 06:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-05 23:11 . 2009-06-27 06:49 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 23:11 . 2009-06-27 06:49 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-05 23:11 . 2009-06-27 06:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-05 23:11 . 2009-06-27 06:49 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-05 23:11 . 2009-06-27 06:49 906520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-07-05 23:09 . 2009-06-27 06:05 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-05 23:09 . 2009-06-27 06:05 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-05 07:08 . 2009-07-05 07:08 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AIM Toolbar
2009-06-30 05:25 . 2009-06-30 05:25 -------- d-----w- c:\program files\The Adventure Company
2009-06-30 01:49 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-16 04:58 . 2009-06-16 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-15 06:38 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-15 06:38 . 2004-08-04 08:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-15 06:38 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 12:11 . 2007-12-01 21:21 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-07-11 01:08 . 2008-11-01 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-10 23:06 . 2009-04-14 00:14 6 ----a-w- c:\windows\system32\DFI32.dat
2009-07-10 22:02 . 2008-01-01 03:07 -------- d-----w- c:\program files\ArtMoney
2009-07-10 20:01 . 2009-04-12 05:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2009-07-10 13:53 . 2009-04-13 08:03 -------- d-----w- c:\program files\Lavasoft
2009-07-10 13:53 . 2008-06-30 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-10 02:11 . 2008-11-12 03:03 -------- d-----w- c:\program files\Steam
2009-07-10 02:09 . 2008-05-12 05:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNA
2009-07-10 02:09 . 2009-01-07 03:34 -------- d-----w- c:\program files\DNA
2009-07-07 09:06 . 2009-03-12 23:25 -------- d-----w- c:\program files\Nexon
2009-07-07 01:37 . 2008-12-21 09:29 -------- d-----w- c:\program files\RegistryFix7
2009-07-06 11:14 . 2007-12-31 09:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-07-05 23:10 . 2008-11-01 19:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 09:36 . 2009-01-07 03:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\BitTorrent
2009-06-27 06:49 . 2008-11-01 19:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-27 06:49 . 2008-11-01 19:37 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 01:25 . 2008-01-12 07:34 -------- d-----w- c:\program files\DScaler
2009-06-24 23:39 . 2008-07-19 11:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!
2009-05-26 14:47 . 2009-05-26 03:13 180 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-05-26 03:13 . 2009-05-26 03:13 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Template
2009-05-17 11:10 . 2007-12-01 22:30 -------- d-----w- c:\program files\Warcraft III
2009-05-13 01:40 . 2009-05-13 01:40 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-05-11 00:33 . 2008-11-01 19:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-10 23:46 . 2009-05-10 23:46 1144808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
2009-05-02 01:35 . 2009-05-02 01:35 3116 ----a-w- c:\windows\system32\HWTablet.bin
2009-04-14 23:08 . 2007-12-01 22:34 98938 ----a-w- c:\windows\War3Unin.dat
2009-04-14 15:06 . 2006-08-24 19:49 78232 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 07:56 . 2009-04-14 07:56 4096 ----a-w- c:\windows\d3dx.dat
2008-03-13 01:42 . 2008-03-13 01:41 10856 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-10_10.03.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 12:11 . 2009-02-16 08:10 97672 c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2009-07-11 12:11 . 2008-11-17 10:24 51688 c:\windows\system32\ZoneLabs\srescan.sys
+ 2009-07-11 12:11 . 2009-02-16 08:10 94088 c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 20360 c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 59272 c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 14216 c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 24968 c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 84872 c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 34696 c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 17800 c:\windows\system32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 10120 c:\windows\system32\ZoneLabs\lib\oem_1454.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 10632 c:\windows\system32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 13704 c:\windows\system32\ZoneLabs\lib\oem_1440.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 11656 c:\windows\system32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 11144 c:\windows\system32\ZoneLabs\lib\oem_1010.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 29576 c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 12168 c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 35720 c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 38280 c:\windows\system32\ZoneLabs\featuremap.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 98184 c:\windows\system32\ZoneLabs\fbl.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 74632 c:\windows\system32\ZoneLabs\camupd.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 35208 c:\windows\system32\vswmi.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 58248 c:\windows\system32\vsregexp.dll
+ 2007-12-01 22:27 . 2009-07-10 21:52 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-12-01 22:27 . 2009-07-06 07:26 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-11 12:07 . 2009-07-11 12:07 62464 c:\windows\Installer\961c2.msi
+ 2009-07-11 12:11 . 2009-02-16 08:10 9608 c:\windows\system32\ZoneLabs\lib\oem_1460.zip.dll
+ 2008-07-29 13:23 . 2008-07-29 13:23 626688 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcr90.dll
+ 2008-07-29 13:23 . 2008-07-29 13:23 856576 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcp90.dll
+ 2008-07-29 11:51 . 2008-07-29 11:51 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_a17e7c1e\msvcm90.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 108424 c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 302472 c:\windows\system32\ZoneLabs\zlsre.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 178568 c:\windows\system32\ZoneLabs\zlparser.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 172936 c:\windows\system32\ZoneLabs\vsvault.dll
+ 2009-07-11 12:10 . 2009-02-16 08:10 108424 c:\windows\system32\ZoneLabs\vsdb.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 176520 c:\windows\system32\ZoneLabs\updclient.exe
- 2008-11-01 19:36 . 2007-10-12 00:50 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-07-11 12:11 . 2007-10-12 00:51 832984 c:\windows\system32\ZoneLabs\updating.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 431496 c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 134536 c:\windows\system32\ZoneLabs\scheduler.dll
+ 2009-07-11 12:11 . 2008-11-17 10:23 796128 c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2009-07-11 12:11 . 2008-11-17 10:23 722400 c:\windows\system32\ZoneLabs\qrbase.dll
+ 2008-11-01 19:36 . 2009-02-16 08:10 118664 c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 151944 c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 188808 c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 344968 c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 136584 c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 344456 c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-07-11 12:10 . 2009-02-05 02:27 548128 c:\windows\system32\ZoneLabs\icslta.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 159112 c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2009-07-11 12:11 . 2008-03-18 00:52 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
- 2008-11-01 19:36 . 2004-01-30 20:35 813568 c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 109960 c:\windows\system32\vsxml.dll
+ 2009-07-11 12:10 . 2009-02-16 08:10 482184 c:\windows\system32\vsutil.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 309128 c:\windows\system32\vspubapi.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 107912 c:\windows\system32\vsmonapi.dll
+ 2009-07-11 12:10 . 2009-02-16 08:10 229256 c:\windows\system32\vsinit.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 353672 c:\windows\system32\vsdatant.sys
+ 2009-07-11 12:10 . 2009-02-16 08:10 110472 c:\windows\system32\vsdata.dll
+ 2004-08-10 04:00 . 2008-01-17 17:59 713216 c:\windows\system32\sxs.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 713216 c:\windows\system32\sxs.dll
+ 2004-08-10 04:00 . 2008-01-17 17:59 713216 c:\windows\system32\dllcache\sxs.dll
- 2004-08-10 04:00 . 2004-08-10 04:00 713216 c:\windows\system32\dllcache\sxs.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 1648520 c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2009-07-11 12:11 . 2009-02-16 08:10 2402184 c:\windows\system32\ZoneLabs\vsmon.exe
+ 2009-07-11 12:11 . 2008-11-17 10:23 1512928 c:\windows\system32\ZoneLabs\srescan.dll
+ 2008-11-01 19:36 . 2009-02-16 08:10 1536392 c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2009-07-11 12:11 . 2008-12-15 09:11 10465257 c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2009-07-11 12:11 . 2008-12-15 09:11 10465257 c:\windows\system32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-24 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-24 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-27 06:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hanvon Shell.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hanvon Shell.lnk
backup=c:\windows\pss\Hanvon Shell.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"npkcmsvc"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"ose"=3 (0x3)
"NSCService"=3 (0x3)
"usnjsvc"=3 (0x3)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"HWSuperPowerTablet"=2 (0x2)
"MS NetConfig"=2 (0x2)
"SNDSrvc"=3 (0x3)
"comHost"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=3 (0x3)
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Virtual PBX Web Server
"59059:TCP"= 59059:TCP:Pando Media Booster
"59059:UDP"= 59059:UDP:Pando Media Booster

R0 hypen;Hy Pen;c:\windows\system32\drivers\HYPEN.sys [5/1/2009 5:35 PM 10548]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/1/2008 11:37 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/1/2008 11:37 AM 108552]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S3 XDva231;XDva231;\??\c:\windows\system32\XDva231.sys --> c:\windows\system32\XDva231.sys [?]
S3 XDva234;XDva234;\??\c:\windows\system32\XDva234.sys --> c:\windows\system32\XDva234.sys [?]
S3 XDva259;XDva259;\??\c:\windows\system32\XDva259.sys --> c:\windows\system32\XDva259.sys [?]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe --> c:\progra~1\AVG\AVG8\avgemc.exe [?]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 HWSuperPowerTablet;HWSuperPowerTablet;c:\windows\system32\JWPEN.exe --> c:\windows\system32\JWPEN.exe [?]
S4 MS NetConfig;MS NetConfig(MS NetWork Services);c:\windows\system32\mscfg32.exe --> c:\windows\system32\mscfg32.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/1/2007 1:56 PM 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - HYCtl
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 12:08]

2009-07-11 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]

2009-07-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-11-27 18:55]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MSConfig - c:\documents and settings\HP_Administrator\Desktop\msconfig.exe


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\n43x4fhi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 05:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1323339851-1466613017-3173419613-1007\Software\SecuROM\License information*]
"datasecu"=hex:32,07,3c,99,f9,4d,43,28,b2,3c,a5,92,82,a1,9a,ad,70,c3,b0,18,cc,
33,37,5e,8e,ef,74,0b,f9,c9,1b,ca,15,5f,1a,98,01,3e,f3,36,37,ee,9b,f3,35,ce,\
"rkeysecu"=hex:c0,12,cd,fc,fe,3c,e5,2c,42,34,f2,67,a9,f1,1c,05
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-11 5:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-11 13:53
ComboFix2.txt 2009-07-11 07:46
ComboFix3.txt 2009-07-11 02:17
ComboFix4.txt 2009-07-11 02:06
ComboFix5.txt 2009-07-11 13:29

Pre-Run: 136,105,127,936 bytes free
Post-Run: 136,081,371,136 bytes free

369


HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:59 AM, on 7/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.50
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229848843250
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6492 bytes
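The HijackThis log above lists every browser hook, autostart and service it found, with no ranking; a responder still has to decide by hand which entries matter. The following is an added triage example, not part of the original post and not a HijackThis feature: it parses lines in the HijackThis format and tags the categories a responder would normally review first (a proxy AutoConfigURL, O15 Trusted Zone additions, O20 Winlogon Notify DLLs, R3 URLSearchHooks), leaving O4 autostarts and O23 services as informational. The rule table and the severity labels are the example's own assumptions; the sample input is a handful of lines copied verbatim from the log above, and the script makes no claim that any of them is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.50
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with a section tag (R0..R3, O1..O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Assumed rule table (this example's own, not HijackThis's): section tag -> (severity, why it matters).
# "review" = look at the entry by hand before deciding; "info" = context only.
RULES = {
    "O15": ("review", "host added to the IE Trusted Zone, which relaxes IE security settings for it"),
    "O20": ("review", "DLL registered as a Winlogon Notify package, loaded into winlogon.exe at logon"),
    "R3":  ("review", "URLSearchHook DLL: rewrites what the user types in the address bar"),
    "O4":  ("info",   "autostart entry"),
    "O23": ("info",   "installed service"),
}


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str
    reason: str
    entry: str


def classify(line: str) -> Optional[Finding]:
    """Map one HijackThis line to a Finding, or None if it is not an entry or not interesting."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    # A proxy auto-config URL is singled out: every browser request is routed according
    # to the PAC script fetched from that host, so the host is worth verifying.
    if section == "R1" and "AutoConfigURL" in body:
        pac_host = body.split("=", 1)[1].strip()
        return Finding(section, "review",
                       "proxy AutoConfigURL set; browser traffic follows the PAC script from " + pac_host,
                       body)
    if section in RULES:
        severity, reason = RULES[section]
        return Finding(section, severity, reason, body)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of a HijackThis log; 'review' findings come first."""
    hits = [f for f in (classify(l) for l in log_text.splitlines()) if f is not None]
    return sorted(hits, key=lambda f: (f.severity != "review", f.section))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
        print(f"         {f.entry}")
```

Run against the sample, the proxy AutoConfigURL and the two Trusted Zone additions surface at the top, while the ZoneAlarm autostart and service stay informational; the ProxyOverride line, which only lists hosts that bypass the proxy, is ignored. The rule table is deliberately small so that the output stays readable on a log of this size; extend it with the sections that matter for the case at hand rather than tagging everything.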



