About 3 months ago, I had an infection which opened about 90 trojans in less than 20 minutes. I followed the guides on here for removal for a number of issues and all seemed OK... I am guessing I did not get rid of everything.
This evening, AVG flagged 6 trojans coming up in one go, then I got Antimalware Doctor installed automatically on my PC.
I have run MWBytes and removed 3 but can't get rid of the rest, and I think I still have issues: 3 blue screens since rebooting when running a GMER scan.
I have a DDS log and a HijackThis log, but cannot seem to get GMER to run completely. I have set the options as defined; please advise if you can.
Oh, and MWBytes is now displaying an error 2 code (whatever that is) in spite of 2 re-installs, and my PC is sluggish.
Thx in advance
Del
DDS (Ver_10-03-17.01) - NTFSx86
Run by paul at 18:55:00.26 on 22/09/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.1716 [GMT 1:00]
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Windows\system32\dgdersvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\FsUsbExService.Exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Users\paul\.COMMgr\complmgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\paul\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://dpbuk.co.uk/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe/Adobe Contribute CS4/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\imacros\imacros.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [EPSON Stylus SX400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiege.exe /fu "c:\windows\temp\E_SF76A.tmp" /EF "HKCU"
uRun: [EPSON Stylus SX400 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiege.exe /fu "c:\windows\temp\E_S7561.tmp" /EF "HKCU"
uRun: [Google Update] "c:\users\paul\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [COM+ Manager] "c:\users\paul\.commgr\complmgr.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [<NO NAME>]
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NPSStartup]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobe version cue cs4\server\bin\VersionCueCS4Tray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\antimalware doctor.lnk - c:\users\paul\appdata\roaming\4423fe6cd6270e7cce876c086e1b9805\handlerfix70700en00.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - c:\programs\partygaming\partygammon\RunBackGammon.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - c:\users\paul\appdata\local\temp\ixp000.tmp\InstallerControl.cab
DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - c:\users\paul\appdata\local\temp\f5tmp\urTermProxy.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - c:\users\paul\appdata\local\temp\f5tmp\urxhost.cab
TCP: {2FA9592D-E2BB-4777-A3C9-80EA6E797A6A} = 194.168.4.100,194.168.8.100
TCP: {9E5FBC06-FD49-493D-99CE-6F217D4AD159} = 194.168.4.100,194.168.8.100
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll,c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe
================= FIREFOX ===================
FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\v03y8lsw.default
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\paul\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension
FF - HiddenExtension: XULRunner: {DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130} - c:\users\paul\appdata\local\{DBD8D0E4-E9C8-4ED5-BA6A-B4B3BFD6B130}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-20 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-10 218592]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-31 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-31 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-31 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-31 308136]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-7-26 95568]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-8-25 217088]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2008-1-9 198240]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-22 47640]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-9-10 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-9-10 1142224]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-7-26 18136]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-8-25 36640]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-1-9 1129344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-2 20952]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-1-9 464384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-2 304464]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-31 431432]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-8-31 406016]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-6 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-31 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-5 40552]
S3 pbfilter;pbfilter;c:\users\paul\documents\downloads\peerblock_r181__win32_release_(vista)\pbfilter.sys [2010-5-8 16472]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-6-3 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-6-3 3768]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2010-4-7 120232]
=============== Created Last 30 ================
2010-09-22 16:16:39 0 d-----w- c:\windows\LastGood.Tmp
2010-09-15 06:38:34 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 06:38:32 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 06:38:30 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 06:38:27 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-11 15:24:16 0 d-----w- c:\program files\EasyPHP-5.3.3
2010-09-11 15:14:49 0 d-----w- c:\program files\Apex Pacific
2010-09-10 17:42:45 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-09-10 17:42:45 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-10 17:42:45 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-09-10 17:42:36 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-10 17:42:36 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-09-10 17:42:36 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-09-10 17:42:36 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-10 17:42:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-09-10 17:42:30 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-10 17:42:13 0 d-----w- c:\users\paul\appdata\roaming\PC Tools
2010-09-10 17:42:13 0 d-----w- c:\programdata\PC Tools
2010-09-10 17:42:13 0 d-----w- c:\program files\Spyware Doctor
2010-09-10 17:42:13 0 d-----w- c:\program files\common files\PC Tools
2010-09-04 16:05:29 0 d-----w- c:\users\paul\appdata\roaming\Affilorama
2010-09-04 16:05:28 0 d-----w- c:\program files\Traffic Travis v3
2010-09-04 13:39:29 0 d-----w- c:\users\paul\DoctorWeb
2010-09-03 21:37:46 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2010-09-03 21:37:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-09-03 21:23:38 457304 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-09-03 21:23:38 420800 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-09-03 21:23:38 0 d-----w- c:\windows\system32\ZoneLabs
2010-09-03 21:23:38 0 d-----w- c:\program files\Zone Labs
2010-09-03 21:22:41 0 d-----w- c:\programdata\CheckPoint
2010-09-03 21:22:38 0 d-----w- c:\windows\Internet Logs
2010-09-03 21:05:04 65536 --sha-w- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TM.blf
2010-09-03 21:05:04 524288 --sha-w- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000002.regtrans-ms
2010-09-03 21:05:04 524288 --sha-w- C:\ntuser.dat{6326c0d6-b787-11df-89fe-001e8c765f76}.TMContainer00000000000000000001.regtrans-ms
2010-09-02 21:22:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 21:22:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-02 21:22:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-02 20:36:43 0 d-sh--w- c:\users\paul\.COMMgr
2010-09-02 20:36:21 0 d-----w- c:\users\paul\appdata\roaming\4423FE6CD6270E7CCE876C086E1B9805
2010-08-31 22:12:05 0 d--h--w- C:\$AVG
2010-08-31 21:12:25 0 d-----w- c:\users\paul\appdata\roaming\GlarySoft
2010-08-31 21:12:24 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-31 21:12:22 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-31 21:12:16 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-31 21:12:14 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-31 21:12:12 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-31 21:10:04 0 d-----w- c:\program files\AVG
2010-08-31 21:09:46 0 d-----w- c:\programdata\avg9
2010-08-31 20:17:33 0 d-----w- c:\programdata\Uniblue
2010-08-31 20:17:29 0 d-----w- c:\users\paul\appdata\roaming\Uniblue
2010-08-31 20:15:18 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2010-08-29 17:23:10 0 d-----w- c:\program files\TwitterBlasterPro
2010-08-29 16:40:38 184076 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-29 16:16:21 0 d-----w- c:\users\paul\appdata\roaming\com.mesiablabs.Hummingbird.DD96D946B68711898AC52ED9549DF79715E23D9C.1
2010-08-24 18:14:53 0 d-----w- c:\users\paul\appdata\roaming\ubot
==================== Find3M ====================
2010-09-22 16:36:56 86016 ----a-w- c:\windows\inf\infpub.dat
2010-09-22 16:36:56 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-22 16:36:56 143360 ----a-w- c:\windows\inf\infstor.dat
2010-09-03 21:05:18 262144 ----a-w- C:\ntuser.dat
2010-08-06 17:37:26 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-08-06 17:37:25 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-06 17:12:53 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2010-07-27 14:57:18 49152 ----a-r- c:\windows\system32\inetwh32.dll
2010-07-27 14:57:18 1044480 ----a-r- c:\windows\system32\roboex32.dll
2010-07-26 13:17:06 95568 ----a-w- c:\windows\system32\dgdersvc.exe
2010-07-26 13:17:06 726352 ----a-w- c:\windows\system32\dgderapi.dll
2010-07-26 13:17:06 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2010-07-26 13:17:06 18136 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2010-07-26 13:15:26 36640 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-07-26 13:15:26 217088 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-05 02:19:17 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-28 16:17:03 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-15 02:26:13 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-21 19:39:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-12-21 19:39:51 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-12-21 19:39:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-16 18:08:10 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-01-08 23:03:03 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 18:57:51.97 ===============
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:47:03, on 22/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:Program FilesSpyware DoctorpctsTray.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:hpsupporthpsysdrv.exe
C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe
C:WindowsRtHDVCpl.exe
C:WindowsSystem32jureg.exe
C:Windowssystem32schtasks.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesHPHP Software UpdatehpwuSchd2.exe
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:Program FilesGoogleQuick Search BoxGoogleQuickSearchBox.exe
C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe
C:Program FilesCommon FilesNokiaMPlatformNokiaMServer.exe
C:Program FilesiTunesiTunesHelper.exe
C:WindowsSystem32rundll32.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesAdobeAcrobat 9.0Acrobatacrotray.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesAVGAVG9avgtray.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Windowsehomeehtray.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
C:Program FilesSiber SystemsAI RoboFormrobotaskbaricon.exe
C:Program FilesNokiaNokia PC Suite 7PCSuite.exe
C:Program FilesSamsungKiesKiesTrayAgent.exe
C:Userspaul.COMMgrcomplmgr.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WindowsSystem32rundll32.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:hpkbdkbd.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:PROGRA~1MICROS~3Office12OUTLOOK.EXE
C:Program FilesAVGAVG9avgcsrvx.exe
C:Windowssystem32SearchFilterHost.exe
C:UserspaulDownloadsHijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://dpbuk.co.uk/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll
O1 - Hosts: ::1 localhost
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:Program FilesSiber SystemsAI RoboFormroboform.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:Program FilesStumbleUponStumbleUponIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll
O4 - HKLM..Run: [hpsysdrv] c:hpsupporthpsysdrv.exe
O4 - HKLM..Run: [OsdMaestro] "C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe"
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [SunJavaUpdateReg] "C:Windowssystem32jureg.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [GrooveMonitor] "C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe"
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [PaperPort PTD] "C:Program FilesScanSoftPaperPortpptd40nt.exe"
O4 - HKLM..Run: [IndexSearch] "C:Program FilesScanSoftPaperPortIndexSearch.exe"
O4 - HKLM..Run: [PPort11reminder] "C:Program FilesScanSoftPaperPortEregEreg.exe" -r "C:ProgramDataScanSoftPaperPort11ConfigEregEreg.ini
O4 - HKLM..Run: [Google Quick Search Box] "C:Program FilesGoogleQuick Search BoxGoogleQuickSearchBox.exe" /autorun
O4 - HKLM..Run: [KBD] C:HPKBDKbdStub.EXE
O4 - HKLM..Run: [IAAnotif] "C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe"
O4 - HKLM..Run: [NokiaMServer] C:Program FilesCommon FilesNokiaMPlatformNokiaMServer /watchfiles
O4 - HKLM..Run: [Nokia FastStart] "C:Program FilesNokiaNokia MusicNokiaMusic.exe" /command:faststart
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [AdobeCS4ServiceManager] "C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [Adobe Acrobat Speed Launcher] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe"
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [Adobe_ID0ENQBO] C:PROGRA~1COMMON~1AdobeAdobe Version Cue CS4ServerbinVersionCueCS4Tray.exe
O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup
O4 - HKLM..Run: [AVG9_TRAY] C:PROGRA~1AVGAVG9avgtray.exe
O4 - HKLM..Run: [Malwarebytes' Anti-Malware] "C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe" /starttray
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [ISTray] "C:Program FilesSpyware DoctorpctsTray.exe"
O4 - HKLM..Run: [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [swg] "C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - HKCU..Run: [LightScribe Control Panel] C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe -hidden
O4 - HKCU..Run: [EPSON Stylus SX400 Series] C:Windowssystem32spoolDRIVERSW32X863E_FATIEGE.EXE /FU "C:WindowsTEMPE_SF76A.tmp" /EF "HKCU"
O4 - HKCU..Run: [EPSON Stylus SX400 Series (Copy 1)] C:Windowssystem32spoolDRIVERSW32X863E_FATIEGE.EXE /FU "C:WindowsTEMPE_S7561.tmp" /EF "HKCU"
O4 - HKCU..Run: [Google Update] "C:UserspaulAppDataLocalGoogleUpdateGoogleUpdate.exe" /c
O4 - HKCU..Run: [RoboForm] "C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe"
O4 - HKCU..Run: [PC Suite Tray] "C:Program FilesNokiaNokia PC Suite 7PCSuite.exe" -onlytray
O4 - HKCU..Run: [KiesTrayAgent] C:Program FilesSamsungKiesKiesTrayAgent.exe
O4 - HKCU..Run: [DriverScanner] "C:Program FilesUniblueDriverScannerlauncher.exe" delay 20000
O4 - HKCU..Run: [COM+ Manager] "C:Userspaul.COMMgrcomplmgr.exe"
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-21-2392193440-2477452000-396362505-1002..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'postgres')
O4 - Startup: Antimalware Doctor.lnk = C:UserspaulAppDataRoaming4423FE6CD6270E7CCE876C086E1B9805handlerfix70700en00.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:Windowssystem32GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:Program FilesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:Program FilesiMacrosimacros.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:Program FilesiMacrosimacros.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:Program FilesPokerStarsPokerStarsUpdate.exe
O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:ProgramsPartyGamingPartyGammonRunBackGammon.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:ProgramsPartyGamingPartyGammonRunBackGammon.exe (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:UserspaulAppDataLocalTempIXP000.TMPInstallerControl.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - C:UserspaulAppDataLocalTempf5tmpurTermProxy.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - C:UserspaulAppDataLocalTempf5tmpurxhost.cab
O17 - HKLMSystemCCSServicesTcpip..{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLMSystemCCSServicesTcpip..{9E5FBC06-FD49-493D-99CE-6F217D4AD159}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLMSystemCS1ServicesTcpip..{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLMSystemCS4ServicesTcpip..{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLMSystemCS5ServicesTcpip..{2FA9592D-E2BB-4777-A3C9-80EA6E797A6A}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:Program FilesAVGAVG9ToolbarIEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG9avgpp.dll
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~3GOEC62~1.DLL,C:PROGRA~1GoogleGOOGLE~3GoogleDesktopNetwork3.dll,avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS4ServerbinVersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:Program FilesAVGAVG9ToolbarToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG9avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:WindowsSYSTEM32crypserv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:Program FilesAshampooAshampoo WinOptimizer 6Dfsdks.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:Windowssystem32dgdersvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:ProgramDataEPSONEPW!3 SSRPE_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:ProgramDataEPSONEPW!3 SSRPE_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:Windowssystem32FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:Program FilesNOSbingetPlus_HelperSvc.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:hpHPEZBTNHPBtnSrv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: lxdi_device - - C:Windowssystem32lxdicoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:Program FilesPostgreSQL8.3binpg_ctl.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware DoctorpctsSvc.exe
O23 - Service: ServiceLayer - Nokia - C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:Program FilesStumbleUponStumbleUponUpdateService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:WindowsSystem32ZoneLabsvsmon.exe
--
End of file - 18991 bytes
Managed to get a full GMER log overnight - PC still a nightmare (took over an hour to open the browser up to log on) - please help.
Also had a firewall block for an .exe called malware.unruy ???
Just as a note, given the current delays in responses, for the techs: I have not used this PC since the last set of scans was completed, so there is no need for me to re-run any scans.
Hope this helps
EDIT: Posts merged ~BP
Edited by Budapest, 25 September 2010 - 05:31 PM.