Malware Packet Dropper & Trojans galore


This topic is locked. 2 replies to this topic.

#1 Delboy24 (Members, 4 posts)

Posted 22 September 2010 - 03:02 PM

Hi,

About 3 months ago, I had an infection which opened about 90 trojans in less than 20 minutes. I followed the guides on here for removal for a number of issues and all seemed OK... I am guessing I did not get rid of everything.

This evening, AVG flagged 6 trojans coming up in one go, then I got Antimalware Doctor installed automatically on my PC.

I have run MWBytes and removed 3 but can't get rid of the rest, and I think I still have issues - 3 blue screens since rebooting when running the GMER scan.

I have a DDS log and a HijackThis log, but cannot seem to get GMER to run completely. I have set the options as defined - please advise if you can.

Oh, and MWBytes is now displaying an error 2 code (whatever that is) in spite of 2 re-installs, and my PC is sluggish.

Thx in advance

Del



DDS (Ver_10-03-17.01) - NTFSx86
Run by paul at 18:55:00.26 on 22/09/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1716 [GMT 1:00]




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:47:03, on 22/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:Program FilesSpyware DoctorpctsTray.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:hpsupporthpsysdrv.exe
C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe
C:WindowsRtHDVCpl.exe
C:WindowsSystem32jureg.exe
C:Windowssystem32schtasks.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesHPHP Software UpdatehpwuSchd2.exe
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:Program FilesGoogleQuick Search BoxGoogleQuickSearchBox.exe
C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe
C:Program FilesCommon FilesNokiaMPlatformNokiaMServer.exe
C:Program FilesiTunesiTunesHelper.exe
C:WindowsSystem32rundll32.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesAdobeAcrobat 9.0Acrobatacrotray.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesAVGAVG9avgtray.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Windowsehomeehtray.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
C:Program FilesSiber SystemsAI RoboFormrobotaskbaricon.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Program FilesSamsungKiesKiesTrayAgent.exe
C:Userspaul.COMMgrcomplmgr.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WindowsSystem32rundll32.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:hpkbdkbd.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:PROGRA~1MICROS~3Office12OUTLOOK.EXE
C:Program FilesAVGAVG9avgcsrvx.exe
C:Windowssystem32SearchFilterHost.exe
C:UserspaulDownloadsHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://dpbuk.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:Program FilesSiber SystemsAI RoboFormroboform.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:Program FilesStumbleUponStumbleUponIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll
O4 - HKLM..Run: [hpsysdrv] c:hpsupporthpsysdrv.exe
O4 - HKLM..Run: [OsdMaestro] "C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe"
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [SunJavaUpdateReg] "C:Windowssystem32jureg.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [PaperPort PTD] "C:Program FilesScanSoftPaperPortpptd40nt.exe"
O4 - HKLM..Run: [IndexSearch] "C:Program FilesScanSoftPaperPortIndexSearch.exe"
O4 - HKLM..Run: [PPort11reminder] "C:Program FilesScanSoftPaperPortEregEreg.exe" -r "C:ProgramDataScanSoftPaperPort11ConfigEregEreg.ini
O4 - HKLM..Run: [Google Quick Search Box] "C:Program FilesGoogleQuick Search BoxGoogleQuickSearchBox.exe" /autorun
O4 - HKLM..Run: [KBD] C:HPKBDKbdStub.EXE
O4 - HKLM..Run: [IAAnotif] "C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe"
O4 - HKLM..Run: [NokiaMServer] C:Program FilesCommon FilesNokiaMPlatformNokiaMServer /watchfiles
O4 - HKLM..Run: [Nokia FastStart] "C:Program FilesNokiaNokia MusicNokiaMusic.exe" /command:faststart
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [AdobeCS4ServiceManager] "C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [Adobe Acrobat Speed Launcher] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe"
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [Adobe_ID0ENQBO] C:PROGRA~1COMMON~1AdobeAdobe Version Cue CS4ServerbinVersionCueCS4Tray.exe
O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup
O4 - HKLM..Run: [AVG9_TRAY] C:PROGRA~1AVGAVG9avgtray.exe
O4 - HKLM..Run: [Malwarebytes' Anti-Malware] "C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe" /starttray
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [ISTray] "C:Program FilesSpyware DoctorpctsTray.exe"
O4 - HKLM..Run: [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [swg] "C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - HKCU..Run: [LightScribe Control Panel] C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
O4 - HKCU..Run: [EPSON Stylus SX400 Series] C:Windowssystem32spoolDRIVERSW32X863E_FATIEGE.EXE /FU "C:WindowsTEMPE_SF76A.tmp" /EF "HKCU"
O4 - HKCU..Run: [EPSON Stylus SX400 Series (Copy 1)] C:Windowssystem32spoolDRIVERSW32X863E_FATIEGE.EXE /FU "C:WindowsTEMPE_S7561.tmp" /EF "HKCU"
O4 - HKCU..Run: [Google Update] "C:UserspaulAppDataLocalGoogleUpdateGoogleUpdate.exe" /c
O4 - HKCU..Run: [RoboForm] "C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe"
O4 - HKCU..Run: [PC Suite Tray] "C:Program FilesNokiaNokia PC Suite 7PCSuite.exe" -onlytray
O4 - HKCU..Run: [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
O4 - HKCU..Run: [DriverScanner] "C:Program FilesUniblueDriverScannerlauncher.exe" delay 20000
O4 - HKCU..Run: [COM+ Manager] "C:Userspaul.COMMgrcomplmgr.exe"
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-21-2392193440-2477452000-396362505-1002..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'postgres')
O4 - Startup: Antimalware Doctor.lnk = C:UserspaulAppDataRoaming4423FE6CD6270E7CCE876C086E1B9805handlerfix70700en00.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:Windowssystem32GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:Program FilesiMacrosimacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:Program FilesiMacrosimacros.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:Program FilesPokerStarsPokerStarsUpdate.exe
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:ProgramsPartyGamingPartyGammonRunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:ProgramsPartyGamingPartyGammonRunBackGammon.exe (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:UserspaulAppDataLocalTempIXP000.TMPInstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - C:UserspaulAppDataLocalTempf5tmpurTermProxy.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:UserspaulAppDataLocalTempf5tmpurxhost.cab
O17 - HKLMSystemCCSServicesTcpip..{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLMSystemCCSServicesTcpip..{9E5FBC06-FD49-493D-99CE-6F217D4AD159}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLMSystemCS1ServicesTcpip..{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLMSystemCS4ServicesTcpip..{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLMSystemCS5ServicesTcpip..{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG9avgpp.dll
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~3GOEC62~1.DLL,C:PROGRA~1GoogleGOOGLE~3GoogleDesktopNetwork3.dll,avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS4ServerbinVersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:Program FilesAVGAVG9ToolbarToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG9avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:WindowsSYSTEM32crypserv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:Program FilesAshampooAshampoo WinOptimizer 6Dfsdks.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:Windowssystem32dgdersvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:ProgramDataEPSONEPW!3 SSRPE_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:ProgramDataEPSONEPW!3 SSRPE_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:Windowssystem32FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:Program FilesNOSbingetPlus_HelperSvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:hpHPEZBTNHPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: lxdi_device - - C:Windowssystem32lxdicoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:Program FilesPostgreSQL8.3binpg_ctl.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware DoctorpctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:Program FilesStumbleUponStumbleUponUpdateService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:WindowsSystem32ZoneLabsvsmon.exe

--
End of file - 18991 bytes

Managed to get a full GMER log overnight - PC still a nightmare (took over an hour to open the browser up to log on) - please help.

Also had a firewall block for an .exe called malware.unruy???

Just as a note, given the current delays in responses, for the techs: I have not used this PC since the last set of scans were complete, so there is no need for me to re-run any scans.
Hope this helps

EDIT: Posts merged ~BP

Edited by Budapest, 25 September 2010 - 05:31 PM.
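As an added example (not part of the thread and not a tool the helpers use), a small Python triage script that applies a few common heuristics to HijackThis-style entries: a proxy pointing at a loopback port, autoruns launched from AppData, Temp or a dot-prefixed profile folder, hex-named directories, and orphaned entries. The sample lines are constructed from the log above, with the backslashes the forum extraction stripped restored by assumption.

```python
"""Triage heuristics for HijackThis-style log lines (added example)."""
import re

# Constructed sample modelled on the HijackThis log posted above; the forum
# extraction stripped the backslashes, so they are restored here by assumption.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [COM+ Manager] "C:\Users\paul\.COMMgr\complmgr.exe"
O4 - Startup: Antimalware Doctor.lnk = C:\Users\paul\AppData\Roaming\4423FE6CD6270E7CCE876C086E1B9805\handlerfix70700en00.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O23 - Service: getPlus Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# "O4 - <body>" style entries; the kind (R0/R1/O4/O23...) drives which checks apply.
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# First Windows path in the body that ends in an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd)\b", re.I)
LOOPBACK_PROXY_RE = re.compile(r"ProxyServer = .*?(?:127\.0\.0\.1|localhost)", re.I)
# Directory names that are one long hex string, as droppers often generate.
HEX_DIR_RE = re.compile(r"^[0-9A-Fa-f]{16,}$")


def path_of(body):
    """Return the first executable path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def check_entry(kind, body):
    """Return a list of (severity, reason) findings for one log entry."""
    findings = []
    if kind == "R1" and LOOPBACK_PROXY_RE.search(body):
        findings.append(("high", "IE proxy points at a loopback port: a local process is intercepting browser traffic"))
    if kind in ("O4", "O23"):
        path = path_of(body)
        if path:
            parts = path.split("\\")
            lower = path.lower()
            if "\\appdata\\" in lower or "\\temp\\" in lower:
                findings.append(("high", "autorun/service launched from a user-profile or temp directory"))
            if any(p.startswith(".") for p in parts[1:]):
                findings.append(("high", "launched from a dot-prefixed (hidden-looking) directory"))
            if any(HEX_DIR_RE.match(p) for p in parts):
                findings.append(("medium", "directory name is a long hex string, typical of dropper-generated folders"))
    if "(file missing)" in body or "(no file)" in body:
        findings.append(("low", "orphaned entry: referenced file no longer exists; safe cleanup candidate"))
    return findings


def triage(log_text):
    """Scan every entry; return a list of (kind, severity, reason, line)."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        for sev, reason in check_entry(m.group("kind"), m.group("body")):
            out.append((m.group("kind"), sev, reason, line.strip()))
    return out


if __name__ == "__main__":
    for kind, sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {kind}: {reason}\n         {line}")
```

Findings are leads for a human reviewer, not verdicts: a legitimate tool may also autorun from AppData, and an orphaned entry is only a cleanup item.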

#2 SifuMike
    malware expert, Staff Emeritus

Posted 27 September 2010 - 01:08 PM

Hello Delboy24,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

************

Please download RKill by Grinler from one of the 4 links below and save it to your desktop

Link #1
Link #2
Link #3
Link #4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.

Do not reboot your computer after running RKill, as the malware programs will start again; if rebooting is required, run it again.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* Go to the Update tab and download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Note: if you still have problems with running Malwarebytes, you can try running it in SAFE MODE WITH NETWORKING.

Quote: How to boot to Safe Mode with Networking
Tap the F8 key during reboot until the boot menu appears, use the arrow keys to choose "Safe Mode with Networking" from the menu, then press the "Enter" key.


If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike
    malware expert, Staff Emeritus

Posted 04 October 2010 - 12:10 AM

Due to inactivity, this thread will now be closed.