Windows Vista Forums

HP/Vista problems
  1. #1



    Member
    Join Date : Sep 2010
    Posts : 10
    vista home premium 32bit
    Local Time: 02:59 AM

    HP/Vista problems

    Hi
    Not sure if this is the correct place to post this query, but here goes!
    I have an HP Pavilion a6202.uk with Vista Home Premium 32-bit installed. The PC has started crashing, not loading up properly, freezing, etc., all at different times. A couple of the messages I have had are:

    C:\windows\system32\config\systemprofile\appdata\local\ezavofanapoxu.dll

    DRIVER_IRQL_NOT_LESS_OR_EQUAL

    I have also got a message on the bottom rhs of my desktop saying:
    "windows vista build 6000 this copy of windows is not genuine". Vista was preinstalled on purchase.

    Any help would be gratefully received,



    Thanks, Charles


  2. #2
    MilesAhead's Avatar

    Eclectician



    Join Date : Jan 2008
    Posts : 1,986
    Vista Home Premium 64 bit SP1
    Local Time: 08:59 PM
    usa

     

    Re: HP/Vista problems


  3. #3
    Jacee's Avatar

    Security


    Join Date : May 2010
    Posts : 676
    Windows 7 Ultimate Vista Business SP2
    Local Time: 06:59 PM
    usa us washington

     

    Re: HP/Vista problems

    Copy and paste these lines into Notepad.
    Code:
    @Echo on
    rem Reset the hosts file to its single default line (malware commonly edits it to redirect or block sites)
    pushd \windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem Renew the IP lease and clear the DNS resolver cache
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    rem Reset the Winsock catalog and the TCP/IP stack
    netsh winsock reset all
    netsh int ip reset all
    rem Reboot in one second, then remove this batch file
    shutdown -r -t 1
    del %0

    Save as flush.bat to your desktop. Right-click on the .bat file and run as Administrator. Your computer will reboot itself.

    Now, download Malwarebytes' Anti-Malware to your desktop
    |MG| Malwarebytes Anti-Malware 1.46 Download
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

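The flush.bat in the post above overwrites the hosts file without showing what was in it. As an added example (not part of this thread and not Jacee's script), the Python below reads a hosts file and lists every entry other than the two loopback `localhost` defaults: a hostname pointed at some other address, or a hostname pinned to loopback so it can never be reached (the usual way a hijack blocks security-vendor update sites). The sample hosts text is constructed for the example, and the default path under `%SystemRoot%` is an assumption about where Windows keeps the file.

```python
"""Audit a Windows hosts file before resetting it.

Reports entries that send a hostname somewhere other than loopback, and
entries that map a non-localhost name to loopback (a sinkhole that blocks
the site, often used against antivirus update domains).
"""
import ipaddress
import os

LOOPBACK = {"127.0.0.1", "::1"}


def parse_hosts(text):
    """Yield (address, hostname) pairs, ignoring blank lines and # comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                             # address with no hostname: ignore
        address, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue                             # not an address: skip rather than crash
        for name in names:
            yield address, name.lower()


def suspicious_entries(text):
    """Return every entry except the loopback 'localhost' defaults."""
    return [(addr, name) for addr, name in parse_hosts(text)
            if addr not in LOOPBACK or name != "localhost"]


def audit_file(path=None):
    """Audit the live hosts file; the default path is the assumed Windows location."""
    if path is None:
        root = os.environ.get("SystemRoot", r"C:\Windows")
        path = os.path.join(root, "System32", "drivers", "etc", "hosts")
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return suspicious_entries(fh.read())


# Constructed sample: the Vista defaults plus two entries a hijack might add.
SAMPLE_HOSTS = """
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.example-bank.test      # hostname sent to a different address
127.0.0.1       update.example-av.test     # sinkhole: updates never reach the vendor
"""

if __name__ == "__main__":
    for addr, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"review: {name} -> {addr}")
```

Run it against the real file with `audit_file()` before running flush.bat; anything it prints is what the reset is about to discard, and a bank or antivirus domain in that list is worth noting in the incident record.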

  4. #4



    Member
    Join Date : Sep 2010
    Posts : 10
    vista home premium 32bit
    Local Time: 02:59 AM


      Thread Starter

    Re: HP/Vista problems

    Many thanks for the advice. I have followed your instructions Jacee and have copied the log below:
    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Code:
    Database version: 4724
    
    Windows 6.0.6000
    Internet Explorer 7.0.6000.16982
    
    30/09/2010 20:41:05
    mbam-log-2010-09-30 (20-41-05).txt
    
    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
    Objects scanned: 253084
    Time elapsed: 1 hour(s), 30 minute(s), 19 second(s)
    
    Memory Processes Infected: 3
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 30
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 41
    
    Memory Processes Infected:
    C:\WINDOWS\smss.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\WINDOWS\nvsvc32.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\WINDOWS\taskmgr.exe (Trojan.Downloader) -> Unloaded process successfully.
    
    Memory Modules Infected:
    C:\WINDOWS\System32\factyww3g.dll (Trojan.Downloader) -> Delete on reboot.
    
    Registry Keys Infected:
    (No malicious items detected)
    
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0nh2ljsiv (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0nh2ljsiv (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\upc+kt0nh2ljsiv (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkeg (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqug (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqug (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkdw+ (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqtw+ (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqtw+ (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkerb (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqurb (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqurb (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpvdr (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpvdr (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpf (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpf (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmprc (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmprc (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpvc (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpvc (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpsf (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpsf (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpqg (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpqg (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpb (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpb (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpxb (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqmpxb (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xwinohazo (Trojan.Hiloti) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\krokewotevigulu (Trojan.Agent.U) -> Quarantined and deleted successfully.
    
    Registry Data Items Infected:
    (No malicious items detected)
    
    Folders Infected:
    (No malicious items detected)
    
    Files Infected:
    C:\WINDOWS\System32\factyww3g.dll (Trojan.Downloader) -> Delete on reboot.
    C:\WINDOWS\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\nvsvc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\ws19jf5p9.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\win.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\hexdump.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\sysedit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\config\systemprofile\AppData\Local\krlery.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\memory.tmp (Rootkit.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\charles\AppData\Local\Temp\DFDWizb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\charles\AppData\Local\Temp\iexplorer.exe (Trojan.Clicker) -> Delete on reboot.
    C:\WINDOWS\System32\up7fy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74OT5VS5\ofmupwryg[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B7Z2J43Z\jjdlsnvtov[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\drivers\jenmqj.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\0c60ab5d.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\4024371727.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\ucsvcb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\ybao.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\gq9tbzvzgzk13zyq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\iexplorer.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\irftpa.exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\odbcad32a.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\mdgwvqy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\ewjsekwk.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\ABC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\bkysxnyp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\dispdiaga.exe (Trojan.Fakealert.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\6B5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\charles\AppData\Local\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\skaioejiesfjoee.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\System32\config\systemprofile\AppData\Local\ezavofamanapoxu.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.

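A log like the one above can be read by hand, but three things are worth pulling out automatically: the counts by section and detection name, the items MBAM only scheduled for "Delete on reboot" (still on disk until the restart, so worth re-checking afterwards), and files that borrow the name of a Windows system binary while sitting outside its real directory (in the posted log, `C:\WINDOWS\smss.exe` and `C:\WINDOWS\Temp\lsass.exe`; the genuine copies live only under `System32`). The Python below is an added example, not a Malwarebytes tool and not from this thread; the detection-line format it parses is the one visible in the log, and the short sample log is a constructed excerpt modelled on it.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x scan log.

Parses "<item> (<detection name>) -> <action>." lines under each
"<Section> Infected:" header, then summarises and flags follow-ups.
"""
import re
from collections import Counter

ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Binaries that legitimately exist only under System32 (or SysWOW64 on 64-bit).
SYSTEM32_ONLY = {"smss.exe", "lsass.exe", "csrss.exe", "wininit.exe",
                 "winlogon.exe", "services.exe", "svchost.exe", "taskmgr.exe"}


def parse_mbam_log(text):
    """Return a list of dicts with keys section, item, name, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]                  # e.g. "Files Infected"
            continue
        m = ITEM_RE.match(line)
        if m and section:                        # "(No malicious items detected)" never matches
            findings.append({"section": section, **m.groupdict()})
    return findings


def summarize(findings):
    """Counts per section and per detection name."""
    return {"by_section": Counter(f["section"] for f in findings),
            "by_name": Counter(f["name"] for f in findings)}


def pending_reboot(findings):
    """Items not removed yet; confirm they are gone after the restart."""
    return [f["item"] for f in findings
            if f["action"].lower().startswith("delete on reboot")]


def masquerading_binaries(findings):
    """Files named like a System32-only binary but located somewhere else."""
    out = []
    for f in findings:
        if f["section"] != "Files Infected":
            continue
        parent, _, fname = f["item"].lower().rpartition("\\")
        if fname in SYSTEM32_ONLY and not parent.endswith(("\\system32", "\\syswow64")):
            out.append(f["item"])
    return out


def persistence_entries(findings):
    """Registry Run values: the autostart entries that relaunched the malware."""
    return [f["item"] for f in findings
            if f["section"] == "Registry Values Infected" and "\\run\\" in f["item"].lower()]


# Constructed excerpt in the format of the posted log.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46

Memory Processes Infected: 2
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\smss.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\taskmgr.exe (Trojan.Downloader) -> Unloaded process successfully.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mqug (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\System32\factyww3g.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\smss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\lsass.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\drivers\jenmqj.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(summarize(found))
    print("pending reboot:", pending_reboot(found))
    print("masquerading:", masquerading_binaries(found))
    print("persistence:", persistence_entries(found))
```

Point `parse_mbam_log` at the text of the saved mbam-log file to run it over a real scan; the `Rootkit.Agent` driver entry in the summary is the reason a second-opinion scan is asked for in the next reply.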

  5. #5
    Jacee's Avatar

    Security


    Join Date : May 2010
    Posts : 676
    Windows 7 Ultimate Vista Business SP2
    Local Time: 06:59 PM
    usa us washington

     

    Re: HP/Vista problems

    Files Infected: 41

    Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
    Save any unsaved work. TFC will close ALL open programs including your browser!
    Right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

    Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

    After your machine has rebooted, download ComboFix from any of the links below, and save it to your desktop. <-- Important
    Link 1
    Link 2
    Link 3

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
    Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.

    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
    • Double-click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    Please be patient while the scan runs, at times it may appear to stall.
    When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
    Post this log in your next reply.
    After rebooting ensure your Security applications have been re-enabled.

    In your next reply post:
    ComboFix.txt


  6. #6
    Jacee's Avatar

    Security


    Join Date : May 2010
    Posts : 676
    Windows 7 Ultimate Vista Business SP2
    Local Time: 06:59 PM
    usa us washington

     

    Re: HP/Vista problems

    One very important thing!! You are infected with a 'Backdoor Trojan'

    These are the most dangerous, and most widespread, type of Trojan.
    Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
    If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately, including those used for email, eBay and forums.
    You should consider them to be compromised.
    They should be changed using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.


    Banking and credit card institutions should be notified of the possible security breach.
    More info can be found below:

    How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
    How to report ID theft, fraud, drive-by installs, hijacking and malware? Security - dslreports.com
    When should I re-format? How should I reinstall? Security - dslreports.com
    If you choose to format and reinstall see this link for instructions:
    Windows: reformat and reinstall - Cyberwalker.com
    Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted.


  7. #7



    Member
    Join Date : Sep 2010
    Posts : 10
    vista home premium 32bit
    Local Time: 02:59 AM


      Thread Starter

    Re: HP/Vista problems

    Hi Jacee,
    your assistance is greatly appreciated... but you do have me worried by the comments on the type of infections!


    Code:
    ComboFix.txt
    
    
    ComboFix 10-09-30.05 - charles 01/10/2010  18:35:01.1.1 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.44.1033.18.1982.1107 [GMT 1:00]
    Running from: c:\users\charles\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    SP: McAfee Anti-Virus and Anti-Spyware *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\windows\system32\config\systemprofile\AppData\Roaming\jsdfgs.bat
    
    Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected 
    Restored copy from - Kitty had a snack :p 
    Infected copy of c:\windows\explorer.exe was found and disinfected 
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!WINDOWS!explorer.exe 
    
    Infected copy of c:\windows\System32\wininit.exe was found and disinfected 
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe 
    
    Infected copy of c:\windows\explorer.exe was found and disinfected 
    Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!WINDOWS!explorer.exe
    .
    (((((((((((((((((((((((((   Files Created from 2010-09-01 to 2010-10-01  )))))))))))))))))))))))))))))))
    .
    
    2010-10-01 17:42 . 2010-10-01 17:42    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2010-10-01 17:42 . 2010-10-01 17:42    --------    d-----w-    c:\users\charles\AppData\Local\temp
    2010-09-30 18:59 . 2010-09-30 18:59    --------    d-----w-    c:\windows\Sun
    2010-09-30 18:07 . 2010-09-30 18:07    --------    d-----w-    c:\users\charles\AppData\Roaming\Malwarebytes
    2010-09-30 18:06 . 2010-04-29 14:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-30 18:06 . 2010-09-30 18:06    --------    d-----w-    c:\programdata\Malwarebytes
    2010-09-30 18:06 . 2010-04-29 14:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2010-09-30 17:01 . 2010-09-30 17:01    128512    ----a-w-    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\kywezo.exe
    2010-09-30 17:01 . 2010-09-30 17:01    128512    ----a-w-    c:\users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ehhyud.exe
    2010-09-29 23:01 . 2010-09-29 23:01    --------    d--h--w-    c:\programdata\Common Files
    2010-09-29 23:00 . 2010-09-29 23:02    --------    d-----w-    c:\programdata\AVG10
    2010-09-29 22:59 . 2010-09-29 22:59    --------    d-----w-    c:\program files\AVG
    2010-09-29 22:53 . 2010-09-29 22:59    --------    d-----w-    c:\programdata\MFAData
    2010-09-29 22:51 . 2010-09-29 22:51    --------    d-----w-    c:\program files\RarZilla Free Unrar
    2010-09-29 22:09 . 2010-09-29 22:09    --------    d--h--w-    c:\programdata\CanonBJ(156)
    2010-09-29 22:07 . 2010-09-29 22:07    --------    d--h--w-    c:\program files\CanonBJ
    2010-09-29 22:03 . 2010-09-29 22:03    --------    d-----w-    c:\users\charles\AppData\Local\HP
    2010-09-29 21:43 . 2010-09-29 21:43    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\Adobe
    2010-09-29 20:05 . 2010-09-29 20:05    --------    d-----w-    c:\users\charles\AppData\Roaming\WinBatch
    2010-09-29 17:01 . 2010-10-01 18:10    843264    ----a-w-    c:\windows\system32\drivers\jenmqj.sys
    2010-09-28 15:01 . 2010-09-28 15:01    --------    d-----w-    c:\users\charles\AppData\Local\Mares_Spa
    2010-09-28 13:34 . 2010-09-28 13:34    --------    d-----w-    c:\programdata\PC Drivers HeadQuarters
    2010-09-28 13:24 . 2010-09-30 21:05    --------    d-----w-    c:\users\charles\AppData\Local\eSupport.com
    2010-09-28 10:26 . 2010-09-28 10:26    378368    ----a-w-    c:\windows\system32\winhttp.dll
    2010-09-28 10:23 . 2010-09-28 10:23    268800    ----a-w-    c:\windows\system32\es.dll
    2010-09-27 19:07 . 2010-09-27 19:09    --------    d-----w-    c:\users\charles\AppData\Roaming\SmartDraw
    2010-09-27 19:06 . 2010-09-27 19:07    --------    d-----w-    C:\SmartDraw VP
    2010-09-27 18:30 . 2010-09-27 21:09    --------    d-----w-    c:\users\charles\AppData\Local\Microsoft Games
    2010-09-27 17:38 . 2010-09-28 15:53    --------    d-----w-    c:\users\charles\AppData\Roaming\DVD Flick
    2010-09-27 12:53 . 2010-09-29 22:51    --------    d-----w-    c:\users\charles\AppData\Roaming\Philipp Winterberg
    2010-09-27 12:53 . 2010-09-30 23:34    --------    d-----w-    c:\program files\Free RAR Extract Frog
    2010-09-27 12:46 . 2010-09-27 12:46    --------    d-----w-    c:\users\charles\AppData\Roaming\Roxio
    2010-09-27 12:45 . 2010-09-27 12:45    423656    ----a-w-    c:\windows\system32\deployJava1.dll
    2010-09-27 12:13 . 2010-09-27 12:13    441856    ----a-w-    c:\windows\system32\win32spl.dll
    2010-09-27 12:13 . 2010-09-27 12:13    37376    ----a-w-    c:\windows\system32\printcom.dll
    2010-09-27 12:13 . 2010-09-27 12:13    2032128    ----a-w-    c:\windows\system32\win32k.sys
    2010-09-27 12:12 . 2010-09-27 12:12    14848    ----a-w-    c:\windows\system32\wshrm.dll
    2010-09-27 12:12 . 2010-09-27 12:12    113664    ----a-w-    c:\windows\system32\drivers\rmcast.sys
    2010-09-27 12:11 . 2010-09-27 12:11    313344    ----a-w-    c:\windows\system32\wmpdxm.dll
    2010-09-27 12:10 . 2010-09-27 12:10    11776    ----a-w-    c:\windows\system32\sbunattend.exe
    2010-09-26 22:01 . 2010-09-26 22:01    --------    d-----w-    c:\program files\SiteAdvisor
    2010-09-26 21:50 . 2010-09-30 21:14    --------    d-----w-    c:\programdata\McAfee
    2010-09-26 12:12 . 2010-09-26 12:12    34304    ----a-w-    c:\windows\system32\atmlib.dll
    2010-09-26 12:12 . 2010-09-26 12:12    289792    ----a-w-    c:\windows\system32\atmfd.dll
    2010-09-26 12:12 . 2010-09-26 12:12    24064    ----a-w-    c:\windows\system32\lpk.dll
    2010-09-26 12:12 . 2010-09-26 12:12    156672    ----a-w-    c:\windows\system32\t2embed.dll
    2010-09-26 12:12 . 2010-09-26 12:12    10240    ----a-w-    c:\windows\system32\dciman32.dll
    2010-09-26 12:12 . 2010-09-26 12:12    72704    ----a-w-    c:\windows\system32\fontsub.dll
    2010-09-26 12:09 . 2010-09-26 12:09    61440    ----a-w-    c:\windows\system32\winipsec.dll
    2010-09-26 12:09 . 2010-09-26 12:09    361984    ----a-w-    c:\windows\system32\IPSECSVC.DLL
    2010-09-26 12:09 . 2010-09-26 12:09    28672    ----a-w-    c:\windows\system32\FwRemoteSvr.dll
    2010-09-26 12:09 . 2010-09-26 12:09    272896    ----a-w-    c:\windows\system32\polstore.dll
    2010-09-26 12:07 . 2010-09-26 12:07    84992    ----a-w-    c:\windows\system32\drivers\srvnet.sys
    2010-09-26 12:07 . 2010-09-26 12:07    306688    ----a-w-    c:\windows\system32\drivers\srv.sys
    2010-09-26 12:07 . 2010-09-26 12:07    95232    ----a-w-    c:\windows\system32\PortableDeviceClassExtension.dll
    2010-09-26 12:07 . 2010-09-26 12:07    241152    ----a-w-    c:\windows\system32\PortableDeviceApi.dll
    2010-09-26 12:07 . 2010-09-26 12:07    160768    ----a-w-    c:\windows\system32\PortableDeviceTypes.dll
    2010-09-26 12:06 . 2010-09-26 12:06    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
    2010-09-26 12:06 . 2010-09-26 12:06    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
    2010-09-26 12:06 . 2010-09-26 12:06    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
    2010-09-26 12:06 . 2010-09-26 12:06    19968    ----a-w-    c:\windows\system32\ARP.EXE
    2010-09-26 12:06 . 2010-09-26 12:06    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
    2010-09-26 12:06 . 2010-09-26 12:06    15360    ----a-w-    c:\windows\system32\netevent.dll
    2010-09-26 12:06 . 2010-09-26 12:06    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
    2010-09-26 12:06 . 2010-09-26 12:06    103936    ----a-w-    c:\windows\system32\netiohlp.dll
    2010-09-26 12:06 . 2010-09-26 12:06    10240    ----a-w-    c:\windows\system32\finger.exe
    2010-09-26 12:05 . 2010-09-26 12:05    704000    ----a-w-    c:\windows\system32\PhotoScreensaver.scr
    2010-09-26 12:05 . 2010-09-26 12:05    356352    ----a-w-    c:\windows\system32\wbem\wbemcomn.dll
    2010-09-26 12:05 . 2010-09-26 12:05    24064    ----a-w-    c:\windows\system32\wtsapi32.dll
    2010-09-26 12:05 . 2010-09-26 12:05    258232    ----a-w-    c:\windows\system32\drivers\acpi.sys
    2010-09-26 12:05 . 2010-09-26 12:05    542720    ----a-w-    c:\windows\system32\sysmain.dll
    2010-09-26 12:04 . 2010-09-26 12:04    194560    ----a-w-    c:\windows\system32\WebClnt.dll
    2010-09-26 12:04 . 2010-09-26 12:04    110080    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
    2010-09-26 12:03 . 2010-09-26 12:03    123904    ----a-w-    c:\windows\system32\L2SecHC.dll
    2010-09-26 12:03 . 2010-09-26 12:03    67584    ----a-w-    c:\windows\system32\wlanhlp.dll
    2010-09-26 12:03 . 2010-09-26 12:03    502272    ----a-w-    c:\windows\system32\wlansvc.dll
    2010-09-26 12:03 . 2010-09-26 12:03    47104    ----a-w-    c:\windows\system32\wlanapi.dll
    2010-09-26 12:03 . 2010-09-26 12:03    297984    ----a-w-    c:\windows\system32\wlansec.dll
    2010-09-26 12:03 . 2010-09-26 12:03    290816    ----a-w-    c:\windows\system32\wlanmsm.dll
    2010-09-26 12:02 . 2010-09-26 12:02    2048    ----a-w-    c:\windows\system32\msxml3r.dll
    2010-09-26 12:02 . 2010-09-26 12:02    1260032    ----a-w-    c:\windows\system32\msxml3.dll
    2010-09-26 12:02 . 2010-09-26 12:02    2048    ----a-w-    c:\windows\system32\msxml6r.dll
    2010-09-26 12:02 . 2010-09-26 12:02    1406464    ----a-w-    c:\windows\system32\msxml6.dll
    2010-09-26 12:01 . 2010-09-26 12:01    216576    ----a-w-    c:\windows\system32\msv1_0.dll
    2010-09-26 12:00 . 2010-09-26 12:00    58368    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
    2010-09-26 12:00 . 2010-09-26 12:00    211968    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
    2010-09-26 12:00 . 2010-09-26 12:00    102400    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
    2010-09-26 12:00 . 2010-09-26 12:00    2855424    ----a-w-    c:\windows\system32\mf.dll
    2010-09-26 12:00 . 2010-09-26 12:00    98816    ----a-w-    c:\windows\system32\mfps.dll
    2010-09-26 12:00 . 2010-09-26 12:00    52736    ----a-w-    c:\windows\system32\rrinstaller.exe
    2010-09-26 12:00 . 2010-09-26 12:00    24576    ----a-w-    c:\windows\system32\mfpmp.exe
    2010-09-26 12:00 . 2010-09-26 12:00    2048    ----a-w-    c:\windows\system32\mferror.dll
    2010-09-26 11:59 . 2010-09-26 11:59    3504008    ----a-w-    c:\windows\system32\ntkrnlpa.exe
    2010-09-26 11:59 . 2010-09-26 11:59    3470216    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2010-09-26 11:56 . 2010-09-26 11:56    434176    ----a-w-    c:\windows\system32\vbscript.dll
    2010-09-26 11:56 . 2010-09-26 11:56    71680    ----a-w-    c:\windows\system32\atl.dll
    2010-09-26 11:55 . 2010-09-26 11:55    297472    ----a-w-    c:\windows\system32\gdi32.dll
    2010-09-26 11:54 . 2010-09-26 11:54    1060920    ----a-w-    c:\windows\system32\drivers\ntfs.sys
    2010-09-26 11:53 . 2010-09-26 11:53    500736    ----a-w-    c:\windows\system32\msdtcprx.dll
    2010-09-26 11:53 . 2010-09-26 11:53    30208    ----a-w-    c:\windows\system32\xolehlp.dll
    2010-09-26 11:52 . 2010-09-26 11:52    156160    ----a-w-    c:\windows\system32\wkssvc.dll
    2010-09-26 11:51 . 2010-09-26 11:51    36352    ----a-w-    c:\windows\system32\tsgqec.dll
    2010-09-26 11:51 . 2010-09-26 11:51    116736    ----a-w-    c:\windows\system32\aaclient.dll
    2010-09-26 11:51 . 2010-09-26 11:51    1871872    ----a-w-    c:\windows\system32\mstscax.dll
    2010-09-26 11:50 . 2010-09-26 11:50    303616    ----a-w-    c:\windows\system32\wmpeffects.dll
    2010-09-26 11:48 . 2010-09-26 11:48    356864    ----a-w-    c:\windows\system32\MediaMetadataHandler.dll
    2010-09-26 11:47 . 2010-09-26 11:47    63488    ----a-w-    c:\windows\system32\drivers\mpsdrv.sys
    2010-09-26 11:47 . 2010-09-26 11:47    396800    ----a-w-    c:\windows\system32\MPSSVC.dll
    2010-09-26 11:47 . 2010-09-26 11:47    392192    ----a-w-    c:\windows\system32\FirewallAPI.dll
    2010-09-26 11:47 . 2010-09-26 11:47    86016    ----a-w-    c:\windows\system32\icfupgd.dll
    2010-09-26 11:47 . 2010-09-26 11:47    61952    ----a-w-    c:\windows\system32\cmifw.dll
    2010-09-26 11:47 . 2010-09-26 11:47    16896    ----a-w-    c:\windows\system32\wfapigp.dll
    2010-09-26 11:44 . 2010-09-26 11:44    1244672    ----a-w-    c:\windows\system32\mcmde.dll
    2010-09-26 11:44 . 2010-09-26 11:44    428032    ----a-w-    c:\windows\system32\EncDec.dll
    2010-09-26 11:44 . 2010-09-26 11:44    292352    ----a-w-    c:\windows\system32\psisdecd.dll
    2010-09-26 11:42 . 2010-09-26 11:42    2048    ----a-w-    c:\windows\system32\tzres.dll
    2010-09-26 11:42 . 2010-09-26 11:42    696832    ----a-w-    c:\windows\system32\localspl.dll
    2010-09-26 11:40 . 2010-09-26 11:40    45112    ----a-w-    c:\windows\system32\drivers\pciidex.sys
    2010-09-26 11:40 . 2010-09-26 11:40    21560    ----a-w-    c:\windows\system32\drivers\atapi.sys
    2010-09-26 11:40 . 2010-09-26 11:40    15928    ----a-w-    c:\windows\system32\drivers\pciide.sys
    2010-09-26 11:40 . 2010-09-26 11:40    109624    ----a-w-    c:\windows\system32\drivers\ataport.sys
    2010-09-26 11:40 . 2010-09-26 11:40    211000    ----a-w-    c:\windows\system32\drivers\volsnap.sys
    2010-09-26 11:40 . 2010-09-26 11:40    154624    ----a-w-    c:\windows\system32\drivers\nwifi.sys
    2010-09-26 11:40 . 2006-11-02 09:45    2923520    ----a-w-    c:\windows\explorer.exe
    2010-09-26 11:38 . 2010-09-26 11:38    72704    ----a-w-    c:\windows\system32\secur32.dll
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-30 23:34 . 2007-09-04 07:18    --------    d-----w-    c:\program files\PC-Doctor 5 for Windows
    2010-09-30 23:33 . 2010-09-26 06:37    --------    d--h--w-    c:\programdata\CanonBJ
    2010-09-30 21:14 . 2010-09-26 21:56    --------    d-----w-    c:\program files\McAfee
    2010-09-30 21:14 . 2010-09-26 21:56    --------    d-----w-    c:\program files\Common Files\Mcafee
    2010-09-30 21:05 . 2007-09-04 07:22    --------    d-----w-    c:\program files\Google
    2010-09-30 17:01 . 2010-09-29 17:02    0    ----a-w-    c:\windows\system32\config\systemprofile\AppData\Local\Vzage.bin
    2010-09-29 17:02 . 2010-09-29 17:02    120    ----a-w-    c:\windows\system32\config\systemprofile\AppData\Local\Gcobefozuje.dat
    2010-09-27 12:51 . 2007-09-04 07:12    --------    d-----w-    c:\programdata\Roxio
    2010-09-27 12:46 . 2007-09-04 07:07    --------    d-----w-    c:\programdata\Sonic
    2010-09-27 12:45 . 2007-09-04 07:15    --------    d-----w-    c:\program files\Common Files\Java
    2010-09-27 12:44 . 2007-09-04 07:15    --------    d-----w-    c:\program files\Java
    2010-09-27 12:30 . 2006-11-02 12:37    --------    d-----w-    c:\program files\Windows Sidebar
    2010-09-27 12:30 . 2006-11-02 10:25    51200    ----a-w-    c:\windows\Inf\infpub.dat
    2010-09-27 12:30 . 2006-11-02 10:25    86016    ----a-w-    c:\windows\Inf\infstrng.dat
    2010-09-27 12:30 . 2006-11-02 10:25    86016    ----a-w-    c:\windows\Inf\infstor.dat
    2010-09-27 12:30 . 2006-11-02 10:25    665600    ----a-w-    c:\windows\Inf\drvindex.dat
    2010-09-27 11:34 . 2007-09-04 07:03    --------    d--h--w-    c:\program files\InstallShield Installation Information
    2010-09-26 15:30 . 2006-11-02 12:37    --------    d-----w-    c:\program files\Windows Calendar
    2010-09-26 12:11 . 2010-09-26 12:11    72704    ----a-w-    c:\windows\system32\admparse.dll
    2010-09-26 12:11 . 2010-09-26 12:11    52736    ----a-w-    c:\windows\apppatch\iebrshim.dll
    2010-09-26 12:11 . 2010-09-26 12:11    832512    ----a-w-    c:\windows\system32\wininet.dll
    2010-09-26 12:11 . 2010-09-26 12:11    78336    ----a-w-    c:\windows\system32\ieencode.dll
    2010-09-26 12:11 . 2010-09-26 12:11    48128    ----a-w-    c:\windows\system32\mshtmler.dll
    2010-09-26 12:11 . 2010-09-26 12:11    26624    ----a-w-    c:\windows\system32\ieUnatt.exe
    2010-09-26 12:11 . 2010-09-26 12:11    56320    ----a-w-    c:\windows\system32\iesetup.dll
    2010-09-26 11:37 . 2010-09-26 11:37    1808896    ----a-w-    c:\windows\system32\NlsLexicons0046.dll
    2010-09-26 11:36 . 2010-09-26 11:36    5071872    ----a-w-    c:\windows\system32\NlsModels0011.dll
    2010-09-26 11:34 . 2010-09-26 11:34    40960    ----a-w-    c:\windows\system32\srclient.dll
    2010-09-26 11:29 . 2010-09-26 11:29    40960    ----a-w-    c:\windows\apppatch\apihex86.dll
    2010-09-26 11:02 . 2010-09-26 11:02    2560    ----a-w-    c:\windows\apppatch\AcRes.dll
    2010-09-26 11:02 . 2010-09-26 11:02    2143744    ----a-w-    c:\windows\apppatch\AcGenral.dll
    2010-09-26 11:02 . 2010-09-26 11:02    537600    ----a-w-    c:\windows\apppatch\AcLayers.dll
    2010-09-26 11:02 . 2010-09-26 11:02    449024    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
    2010-09-26 11:02 . 2010-09-26 11:02    173056    ----a-w-    c:\windows\apppatch\AcXtrnal.dll
    2010-09-26 06:45 . 2007-09-04 07:23    --------    d-----w-    c:\program files\Common Files\Symantec Shared
    2010-09-26 06:45 . 2007-09-04 07:23    --------    d-----w-    c:\programdata\Symantec
    2010-09-26 06:29 . 2007-09-04 07:38    --------    d-----w-    c:\programdata\Hewlett-Packard
    2010-09-26 06:28 . 2010-09-26 06:22    --------    d-----w-    c:\users\charles\AppData\Roaming\Hewlett-Packard
    2010-09-26 06:21 . 2010-09-26 06:21    1797    --sha-r-    c:\windows\system32\drivers\103C_HP_CPC_GQ508AA-ABU a6202.uk_YC_0Pavi_QCNX737_E74GBv3PrA1_49_INettle2_SECS_V1.0_B5.17_T070824_WUH0_L409_M1918_J250_7AMD_8Athlon 64_92.6_#080106_N10DE03EF_Z_G10DE03D0_OTSSTcorp CD DVDW TS-H653L SCSI CdRom Device.MRK
    2010-09-26 06:17 . 2010-09-26 06:17    33792    ----a-w-    c:\windows\system32\wuapp.exe
    2010-09-26 06:17 . 2010-09-26 06:17    171608    ----a-w-    c:\windows\system32\wuwebv.dll
    2010-09-26 06:17 . 2010-09-26 06:17    --------    d-sh--we    c:\programdata\Templates
    2010-09-26 06:17 . 2010-09-26 06:17    --------    d-sh--we    c:\programdata\Start Menu
    2010-09-26 06:17 . 2010-09-26 06:17    --------    d-sh--we    c:\programdata\Favorites
    2010-09-26 06:17 . 2010-09-26 06:17    --------    d-sh--we    c:\programdata\Documents
    2010-09-26 06:17 . 2010-09-26 06:17    --------    d-sh--we    c:\programdata\Desktop
    2010-08-24 13:57 . 2010-09-26 21:56    9344    ----a-w-    c:\windows\system32\drivers\mfeclnk.sys
    2010-08-24 13:57 . 2010-09-26 21:56    141792    ----a-w-    c:\windows\system32\mfevtps.exe
    2010-08-24 13:57 . 2010-09-26 21:56    95600    ----a-w-    c:\windows\system32\drivers\mfeapfk.sys
    2010-08-24 13:57 . 2010-09-26 21:56    84264    ----a-w-    c:\windows\system32\drivers\mferkdet.sys
    2010-08-24 13:57 . 2010-09-26 21:56    84072    ----a-w-    c:\windows\system32\drivers\mfetdi2k.sys
    2010-08-24 13:57 . 2010-09-26 21:56    64304    ----a-w-    c:\windows\system32\drivers\mfenlfk.sys
    2010-08-24 13:57 . 2010-09-26 21:56    55840    ----a-w-    c:\windows\system32\drivers\cfwids.sys
    2010-08-24 13:57 . 2010-09-26 21:56    52104    ----a-w-    c:\windows\system32\drivers\mfebopk.sys
    2010-08-24 13:57 . 2010-09-26 21:56    386712    ----a-w-    c:\windows\system32\drivers\mfehidk.sys
    2010-08-24 13:57 . 2010-09-26 21:56    312904    ----a-w-    c:\windows\system32\drivers\mfefirek.sys
    2010-08-24 13:57 . 2010-09-26 21:56    152992    ----a-w-    c:\windows\system32\drivers\mfeavfk.sys
    2010-08-24 13:57 . 2010-09-26 21:56    24376    ----a-w-    c:\program files\mozilla firefox\components\Scriptff.dll
    2008-02-04 12:30 . 2010-09-26 15:04    22    --sha-w-    c:\windows\SMINST\HPCD.SYS
    2007-09-04 07:43 . 2007-09-04 07:38    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-26 328056]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 1783400]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-09-27 1232896]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-04 1006264]
    "Malwarebytes Anti-Malware (reboot)"="c:\users\charles\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
    
    c:\users\charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ehhyud.exe [2010-9-30 128512]
    
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    kywezo.exe [2010-9-30 128512]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    R2 0254751285881017mcinstcleanup;McAfee Application Installer Cleanup (0254751285881017);c:\users\charles\AppData\Local\Temp\025475~1.EXE [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
    S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-08-24 84072]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-08-24 141792]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]
    
    
    --- Other Services/Drivers In Memory ---
    
    *NewlyCreated* - ECACHE
    *Deregistered* - jenmqj
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=Pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=Pavilion&pf=desktop
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\charles\AppData\Roaming\Mozilla\Firefox\Profiles\xg8x31gy.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
    FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: XULRunner: {48FCF439-5B9D-440C-95FF-060A2D671D3F} - c:\windows\system32\config\systemprofile\AppData\Local\{48FCF439-5B9D-440C-95FF-060A2D671D3F}
    
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -
    
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
    
    
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-10-01 19:11
    Windows 6.0.6000  NTFS
    
    scanning hidden processes ...  
    
    scanning hidden autostart entries ... 
    
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      MKdw+ryp.com&p=R0lGODlhyAA8APcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/  /////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm  AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/  MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm  ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/  mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm  zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/  /5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ  AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA  M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ  ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A  mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z  zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAADIADwA  AAj/AP8JHEiwoMGDCBMqXMiwocOHECNKnEjRYCpqCDFK1MiQY0WCHhdqDPlxIEaOKEWq/EiyIbWX  Jf+lSuWH5kybNWfmxJkqZkQ/fv61TAjTp0mjSA++vDjUpdOeA23SrEmVZ9WqF69axQl05b8pBZcq  FRqW7EmyBqkBDZo06cumPuG2FUiToNS7O7XqZLp3582/UguuBQpVoNy4Zo8aRsv47djDiqNG3sgY  YdfJY/+xbcoUs8Epg7dS1Xyz5tyGN6ldBKx6ZuvVql/LTp1V9eLTgtlGtO3QceS1ddMeLGwUcubK  YXknPst8uUzA0KNLn06dtXS/1f8KVTslFWjdzRUa/9/uu6xy3IbPI7S5/nhGhsEhFtV8eyFhwrNd  w6Ydm/9+1yfNx5BuE42Xnlyq1eQRSuOdVd9lIJUF0lQUnnQfV9+JVtpUVN13YYcJMuWYgQQRKB95  JC5FkkaifahhVSFi9eKGWpkmoUyaDeYHZwKq995bApZkonsy+QEWgyKCNJSK4uW4o3DNOZjbYiFh  ZGOAVZIF2nc3FjQTcnTNpyKTODYZEXEO+YECWOIBeVh5YKoVn5l2DakQTUHGOCdkaCoFJFGnDRll  YmseCdOIJkHlZpCJrridThAKV2JQI4F5VE+m6SjQkYr1WV9ai3qZZ6VI2SneFKB1hFx4zhWVZY+r  Cv8U6UN99WmnlJKi2KCYgbaU0mKoUtolqR0tSmZjhY0W5aGHLqeWpmjNuVlZhQUooqdUHjdmZL8C  6uVuU6CAbWRfUoTla4ouiJNnA+nIqGA9jXsglqe9K2SEn4KEgo3m9afoQrXWam15tmGUoYJoGbkW  
WN8taGmRjO3nZn0IPnToRdtZnJhkhs2aFqq+rgYwdCKZVi2zWRnkYVpGyqsUpc0W5XK9GIf1ZLYt  bRZudxvjqBqqhf0Fp3P55ipTsM2GSdvCuk01IcgyxXZbbH/KWbOUAeKLVoINa50lvq21WyivB+lm  JGi+ctfdTVoXdxGqW5rIoVSVzpfas1PEbNZIE9P/NW5PTRm55uA7m9p2RtQQLq5c08J9s5dnh6gT  sfl2qxBQW8L93WV17UeWxJACDdPJQ6v8Y7YyKQ43CqyHO63Rfy4muHc7o+kRgYlD7bdtkasMmFE0  bY65kepRZVtnSr4UbLql2+epw2oNDtSCarreZtFfuf7S2bqbbtfgrd2+5ohJC8UTxSVjjmq7wYIG  eo7xUh2zwm91hSvRG9tv0oI779utaoSLGrMStJbcqAkFHKEJ6/xnEZUF6yBwiwpcWOQXy1RFKFwS  4PaANjUsMc9N7oOX4QaEvBjt7GAtAt/XyhavNQkKVWvyXocEx7PbPDBjBaMVhwpYELgB6FLdkR/W  //Ajv+ANhYeZ2eFVZnNAcXmNPNVjU9usxDnwrYdnKLET7dxXFR8+LmP2GYxdFkW7SKEMUG+J145W  450vsnAjwcFIKqR3NUt5J4bfMsyeBOfGAWntbMLCYKqoeJ9n6UiMA0OUrNoXRJn1DGcTIs2OIqdI  bXErKngizBy19znthGWBG9MI2iR4x3A5EXWNoUtC4OYRpCmNIx6CEdW2QiWFDe9x9sKMHPXYO/LU  zCW0KZddYFhDP8GGeyzDnUaqp0AONkRQ27EiBk/ZrtC4CXD4SV4ah7e5LWHMduxaTGG4VC4V/W4p  v3vMoU54SYpVD4EYmySVElgoutAxlz4D0xYNA/+0HQLObmksWN+qmaO8VVN0crLS+XQZoJYlCpPm  pBoahSmUBeJuIaaEyhr7A8ZNra9EhQtViZJnlhPSUEHVSsi1/qI/zt1wUqyi0tyAExTguI816hGZ  Kq01p8TQMEH7u98dxQWhkcDGStaD3JpOBpsyJYR7M+mexfokpzUKhX5opEhpWraXrsrRNT1TVFMt  Uk9ZYWuZhTLRSWy3syVJUSkzK6Xg9Fax+smKLTadHjjNeji/sRGsmnHmVsTyLNGk5a/ZExdxqGpP  1hFHjmSbIzVX+DXDcURzeDzdkoD6GSNJMEx2Kef78GWT5dURa44ya42+1EyD1gmCnJzniqRJkc3/  5Ml8xJQiZfdWP8L8RnP602NX2eYcGLHHozsqX5WUQxLGInWp6JrhQEzp2jDprWMZxdpRmFO+5GzX  hxXBGL0m1TCshG2e+vFkZU6SQT2KpCmpzR08J9SamhDTvAhLCQULl55UWqZJFvqlt3z6OvdaS2Gj  pCle2qWf8JGHvvUZF0/zIhpYgm+vgnMhXXn74OdKFb6yotN28WkS34b2brdpIzklObUxdpLCw50c  doZ7pZY8tsTS0+8mlxq1vYpkxyF85mYfw2GVySg1dIFZrbiHQgo7uadG5SjF/iUp5prvdewlXHfs  27+1bdRBZHvkV1pnuY2dlTLijG508tJR3PIr/0KsOi/A+sMbH/kpJID7WJcVh1IfkahIb7UPxVI7  HCFe90YMIphaODy66XU4xO2klmx8JSq76LKJrntSDt88qPccKE2xIunEsgKph27XUq8CWJ3cSC8S  HfW9QfMTDH382q2hZ1pAEhEs78MYR9+vo4jiLt/MwzGz8PAseSYfwcLyS0pb93MSLeUY9ctgl2nX  aNudGXxGqBIwJ2emKZ3Mcfkq5pi61yGv/iTU7DwcpND5mNiD85RQTaxgV3V6jlmbo1JKEiTWBTKt  tqNEIfsxx8JEWJJrNkOrM2nP/BnKYTbqhzzWLxADzEYUPdG5lmvq6VJ3Q+UCXYP5A3ASh3Peu/+G  
mYXwrWxLpkTXYg5jUHoabzqvEHWu6dDgWrc27XBX3lUmH/q0WiP9pQ3Eg/p1f82NmppKOHbsuotX  x0pDnskL6TGPyVWQGNTkKL1iOIuZRCF5c7JcJT3Is4jUkTz054gFg3g1UxrTiZ5av/fPJQl2qx5W  zTdDJyd57IjtiCW3NeOdJaT536PNFWlPU44ozBKnYZUeWgkNG654WVfbwV73T3deVWeCzqJ952nY  7a86HX3e5weM7dV75T1dRaNvgEr5E8e4S5EMZLHb3vk47x3MSd/7bnrPHCpjci+yLdDo+3p40ONe  xERqPd+vzXdI0mm8z48atm+e8TzHO/uuD78y+C1zdVt/BGHjT3/eq796OTP75KA2323VT//6h97F  7qYP9u3P/1w13y1QoW0apyThFxAAOw = c:\windows\nvsvc32.exe 
    
    scanning hidden files ...  
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\jenmqj]
    
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'Explorer.exe'(1484)
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\windows\helppane.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-01  19:13:59 - machine was rebooted
    ComboFix-quarantined-files.txt  2010-10-01 18:13
    
    Pre-Run: 175,808,581,632 bytes free
    Post-Run: 177,690,591,232 bytes free
    
    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - F28E06FD0FE1F2F04478209942D00544
    
    


  8. #8



    Member
    Join Date : Sep 2010
    Posts : 10
    vista home premium 32bit
    Local Time: 02:59 AM


      Thread Starter

    Re: HP/Vista problems

    I forgot to mention on the last post that when I boot up the PC it loads and then goes to a blue error screen, so I have to load up in safe mode. Not sure if this is relevant!
    Charles


  9. #9
    Jacee's Avatar

    Security


    Join Date : May 2010
    Posts : 676
    Windows 7 Ultimate Vista Business SP2
    Local Time: 06:59 PM
    usa us washington

     

    Re: HP/Vista problems

    Yes, you really should be worried ... Your computer is quite compromised!

    Go to the Kaspersky website and perform an online antivirus scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As...
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


  10. #10



    Member
    Join Date : Sep 2010
    Posts : 10
    vista home premium 32bit
    Local Time: 02:59 AM


      Thread Starter

    Re: HP/Vista problems

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, October 2, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, October 02, 2010 01:15:27
    Records in database: 4273512
    --------------------------------------------------------------------------------
    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes
    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    Scan statistics:
    Objects scanned: 119982
    Threats found: 2
    Infected objects found: 4
    Suspicious objects found: 0
    Scan duration: 01:49:32

    File name / Threat / Threats count
    C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir Infected: Trojan.Win32.Patched.kl 1
    C:\Qoobox\Quarantine\C\Windows\system32\Drivers\netbt.sys.vir Infected: Virus.Win32.TDSS.b 1
    C:\Qoobox\Quarantine\C\Windows\system32\wininit.exe.vir Infected: Trojan.Win32.Patched.kl 1
    C:\WINDOWS\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys Infected: Virus.Win32.TDSS.b 1
    Selected area has been scanned.


Page 1 of 2