hmorse
Unknown Virus/Malware Attacking Computer
in Resolved Malware Removal Logs
Posted
Hi,
I am having a computer problem whereby it appears as though I have a virus that Malwarebytes has not been able to remove or detect. Currently there is an Internet Explorer window opening (a local newspaper) in the top left corner of the desktop and we have been unable to close it or remove the window.
Here are the DDS and Attach logs:
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by HEM at 12:41:08 on 2012-07-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2233 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\3COM\3Com Wireless 108 Mbps 11g USB Utility \lcs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\Documents and Settings\HEM\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: PC Antivirus Web Protection BHO: {c11cbda9-6702-469e-9ce1-64e3971a6b44} - c:\program files\pc antivirus\pf.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [uMonit] c:\windows\system32\UMonit.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\ConduitEngine /f
StartupFolder: c:\docume~1\hem\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hem\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: cnet.com\download
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: Starfield Technologies - hxxp://video.secureserver.net/WSTPlugins/starfield_technologies.CAB
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://99.28.49.193/webrec.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://65.254.18.46:120/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://66.192.110.33:100/VideoViewer.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266006557234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341329730109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.opentopia.com/support/activex/AxisCamControl.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{87E4B200-38DD-479B-BB2C-A0142A73BAD9} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hem\application data\mozilla\firefox\profiles\ajj61eh2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B99945dac-158f-4ccd-b30c-95cca09b959f%7D&mid=036c9dd0f4d147d0bd56d168c3f999a6-5465d9b6fc0bf4d5974f78a9f122f84e472db74f&ds=ts026&v=11.1.0.7&lang=en&pr=sa&d=2012-06-30%2012%3A44%3A26&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B99945dac-158f-4ccd-b30c-95cca09b959f%7D&mid=036c9dd0f4d147d0bd56d168c3f999a6-5465d9b6fc0bf4d5974f78a9f122f84e472db74f&ds=ts026&v=11.1.0.7&lang=en&pr=sa&d=2012-06-30%2012%3A44%3A26&sap=ku&q=
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - c02de8f30000000000000021851d7055
FF - user.js: extensions.BabylonToolbar_i.hardId - c02de8f30000000000000021851d7055
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15525
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:44:39
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824&q=
FF - user.js: extensions.funmoods.id - 0021851D7055E8F3
FF - user.js: extensions.funmoods.instlDay - 15525
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:47:37
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R2 GsServer;GoodSync Server;c:\program files\siber systems\goodsync\Gs-Server.exe [2012-6-25 3361496]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-6-3 69640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-3 1262400]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-6-20 361472]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-7-1 935480]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-1-21 272864]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-9 1691480]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\aqfilerestore.sys --> c:\windows\system32\drivers\AQFileRestore.sys [?]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-1-21 1024768]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-1-30 45288]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2010-2-25 101520]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 7\DfSdkS.exe [2011-4-11 406016]
S3 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2011-1-30 12416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2012-3-7 1034240]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-3-30 12984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
S4 Bulk1528;SPCA1528 Still Camera Service; [x]
S4 Ca1528av;SPCA1528 Video Camera Service; [x]
.
=============== Created Last 30 ================
.
2012-07-05 16:03:49 -------- d-sha-r- C:\cmdcons
2012-07-05 16:01:57 98816 ----a-w- c:\windows\sed.exe
2012-07-05 16:01:57 518144 ----a-w- c:\windows\SWREG.exe
2012-07-05 16:01:57 256000 ----a-w- c:\windows\PEV.exe
2012-07-05 16:01:57 208896 ----a-w- c:\windows\MBR.exe
2012-07-04 20:44:08 -------- d-----w- c:\windows\pss
2012-07-04 20:41:19 -------- d-----w- c:\documents and settings\hem\local settings\application data\LogMeIn Rescue Applet
2012-07-04 17:31:09 -------- d-----w- c:\documents and settings\hem\application data\AVPro
2012-07-04 17:30:59 -------- d-----w- c:\documents and settings\hem\application data\PC Antivirus
2012-07-04 17:30:56 6197048 ----a-w- c:\windows\uninstac.exe
2012-07-04 17:30:53 582992 ----a-w- c:\windows\system32\sbap.dll
2012-07-04 17:30:53 308560 ----a-w- c:\windows\system32\vipre.dll
2012-07-04 17:30:53 160768 ----a-w- c:\windows\system32\unrar.dll
2012-07-04 17:30:53 1332560 ----a-w- c:\windows\system32\sbte.dll
2012-07-04 17:30:52 -------- d-----w- c:\program files\PC Antivirus
2012-07-04 17:30:52 -------- d-----w- c:\documents and settings\all users\application data\AVC1Data
2012-07-04 17:27:50 -------- d-----w- c:\program files\PC Cleaners
2012-07-04 17:20:03 -------- d-----w- c:\documents and settings\hem\application data\PC Cleaners
2012-07-04 17:19:58 4106512 ----a-w- c:\windows\uninst.exe
2012-07-04 17:19:58 -------- d-----w- c:\documents and settings\hem\application data\PCPro
2012-07-04 17:19:56 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2012-07-04 14:49:07 -------- d-----w- c:\documents and settings\hem\application data\Funmoods
2012-07-04 14:47:24 -------- d-----w- c:\program files\OApps
2012-07-04 14:44:33 -------- d-----w- c:\program files\Playbryte
2012-07-04 14:44:33 -------- d-----w- c:\documents and settings\hem\application data\Go PDF Reader
2012-07-04 14:44:28 -------- d-----w- c:\documents and settings\hem\local settings\application data\Playbryte
2012-07-03 15:46:26 -------- d-----w- c:\windows\system32\winrm
2012-07-03 15:46:22 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-03 15:03:28 45056 ----a-w- c:\windows\system32\unredmon.exe
2012-07-03 15:03:28 116224 ----a-w- c:\windows\system32\redmonnt.dll
2012-07-03 15:02:54 -------- d-----w- c:\documents and settings\hem\local settings\application data\Giant Savings
2012-07-03 15:02:53 -------- d-----w- c:\program files\BabylonToolbar
2012-07-03 15:02:52 -------- d-----w- c:\documents and settings\hem\application data\BabylonToolbar
2012-07-03 15:02:50 -------- d-----w- c:\program files\Giant Savings
2012-07-03 15:00:03 -------- d-----w- c:\documents and settings\hem\application data\Babylon
2012-07-03 15:00:03 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-07-02 02:35:14 -------- d-----w- c:\documents and settings\hem\local settings\application data\AVG Secure Search
2012-07-01 17:00:46 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-06-30 16:56:20 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-06-30 16:56:20 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-06-30 16:56:20 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-06-30 16:44:26 -------- d-----w- c:\documents and settings\hem\application data\AVG Secure Search
2012-06-30 16:44:23 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-30 16:44:21 -------- d-----w- c:\program files\AVG Secure Search
2012-06-30 16:44:17 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-06-21 23:50:00 -------- d-----w- c:\documents and settings\hem\application data\FileOpen
2012-06-21 23:50:00 -------- d-----w- c:\documents and settings\all users\application data\FileOpen
2012-06-21 23:48:46 -------- d-----w- c:\documents and settings\hem\application data\Downloaded Installations
2012-06-20 11:59:48 -------- d-----w- c:\program files\ATT
2012-06-20 11:44:33 -------- d-----w- c:\documents and settings\hem\local settings\application data\ATTYToolbar
2012-06-20 11:44:33 -------- d-----w- c:\documents and settings\all users\application data\ATTYToolbar
2012-06-20 11:44:29 -------- d-----w- c:\program files\Yahoo!
2012-06-19 23:22:02 -------- d-----w- c:\program files\ATT-HSI
2012-06-19 23:21:50 -------- d-----w- c:\program files\common files\Motive
2012-06-13 05:22:39 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-06 21:45:45 -------- d-----w- c:\program files\Dropbox
.
==================== Find3M ====================
.
2012-07-05 15:20:58 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-07-03 21:14:54 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-07-03 21:14:54 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-07-03 21:00:33 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-23 16:25:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 16:25:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 01:25:46 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
2012-06-03 19:08:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 12:41:23.15 ===============
ATTACH.TXT LOG:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by HEM at 12:41:08 on 2012-07-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2233 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\3COM\3Com Wireless 108 Mbps 11g USB Utility \lcs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\Documents and Settings\HEM\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: PC Antivirus Web Protection BHO: {c11cbda9-6702-469e-9ce1-64e3971a6b44} - c:\program files\pc antivirus\pf.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.362.0\BingExt.dll"
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [uMonit] c:\windows\system32\UMonit.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\ConduitEngine /f
StartupFolder: c:\docume~1\hem\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\hem\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: cnet.com\download
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: Starfield Technologies - hxxp://video.secureserver.net/WSTPlugins/starfield_technologies.CAB
DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} - hxxp://99.28.49.193/webrec.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://65.254.18.46:120/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://66.192.110.33:100/VideoViewer.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266006557234
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341329730109
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.opentopia.com/support/activex/AxisCamControl.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{87E4B200-38DD-479B-BB2C-A0142A73BAD9} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hem\application data\mozilla\firefox\profiles\ajj61eh2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B99945dac-158f-4ccd-b30c-95cca09b959f%7D&mid=036c9dd0f4d147d0bd56d168c3f999a6-5465d9b6fc0bf4d5974f78a9f122f84e472db74f&ds=ts026&v=11.1.0.7&lang=en&pr=sa&d=2012-06-30%2012%3A44%3A26&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B99945dac-158f-4ccd-b30c-95cca09b959f%7D&mid=036c9dd0f4d147d0bd56d168c3f999a6-5465d9b6fc0bf4d5974f78a9f122f84e472db74f&ds=ts026&v=11.1.0.7&lang=en&pr=sa&d=2012-06-30%2012%3A44%3A26&sap=ku&q=
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - c02de8f30000000000000021851d7055
FF - user.js: extensions.BabylonToolbar_i.hardId - c02de8f30000000000000021851d7055
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15525
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:44:39
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDtC0DyBtDyDyD0Ezz0FtAtN0D0Tzu0CtCzzyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=18690824&q=
FF - user.js: extensions.funmoods.id - 0021851D7055E8F3
FF - user.js: extensions.funmoods.instlDay - 15525
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:47:37
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R2 GsServer;GoodSync Server;c:\program files\siber systems\goodsync\Gs-Server.exe [2012-6-25 3361496]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-6-3 69640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-7-3 1262400]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-6-20 361472]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-7-1 935480]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S2 WSWNDA3100;WSWNDA3100;c:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-1-21 272864]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-2-9 1691480]
S3 AQFileRestore;AQFileRestore;c:\windows\system32\drivers\aqfilerestore.sys --> c:\windows\system32\drivers\AQFileRestore.sys [?]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [2012-1-21 1024768]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-1-30 45288]
S3 DCamUSBSTK02N;Standard Camera;c:\windows\system32\drivers\STK02NW2.sys [2010-2-25 101520]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 7\DfSdkS.exe [2011-4-11 406016]
S3 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [2011-1-30 12416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-16 135664]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2012-3-7 1034240]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-3-30 12984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
S4 Bulk1528;SPCA1528 Still Camera Service; [x]
S4 Ca1528av;SPCA1528 Video Camera Service; [x]
.
=============== Created Last 30 ================
.
2012-07-05 16:03:49 -------- d-sha-r- C:\cmdcons
2012-07-05 16:01:57 98816 ----a-w- c:\windows\sed.exe
2012-07-05 16:01:57 518144 ----a-w- c:\windows\SWREG.exe
2012-07-05 16:01:57 256000 ----a-w- c:\windows\PEV.exe
2012-07-05 16:01:57 208896 ----a-w- c:\windows\MBR.exe
2012-07-04 20:44:08 -------- d-----w- c:\windows\pss
2012-07-04 20:41:19 -------- d-----w- c:\documents and settings\hem\local settings\application data\LogMeIn Rescue Applet
2012-07-04 17:31:09 -------- d-----w- c:\documents and settings\hem\application data\AVPro
2012-07-04 17:30:59 -------- d-----w- c:\documents and settings\hem\application data\PC Antivirus
2012-07-04 17:30:56 6197048 ----a-w- c:\windows\uninstac.exe
2012-07-04 17:30:53 582992 ----a-w- c:\windows\system32\sbap.dll
2012-07-04 17:30:53 308560 ----a-w- c:\windows\system32\vipre.dll
2012-07-04 17:30:53 160768 ----a-w- c:\windows\system32\unrar.dll
2012-07-04 17:30:53 1332560 ----a-w- c:\windows\system32\sbte.dll
2012-07-04 17:30:52 -------- d-----w- c:\program files\PC Antivirus
2012-07-04 17:30:52 -------- d-----w- c:\documents and settings\all users\application data\AVC1Data
2012-07-04 17:27:50 -------- d-----w- c:\program files\PC Cleaners
2012-07-04 17:20:03 -------- d-----w- c:\documents and settings\hem\application data\PC Cleaners
2012-07-04 17:19:58 4106512 ----a-w- c:\windows\uninst.exe
2012-07-04 17:19:58 -------- d-----w- c:\documents and settings\hem\application data\PCPro
2012-07-04 17:19:56 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2012-07-04 14:49:07 -------- d-----w- c:\documents and settings\hem\application data\Funmoods
2012-07-04 14:47:24 -------- d-----w- c:\program files\OApps
2012-07-04 14:44:33 -------- d-----w- c:\program files\Playbryte
2012-07-04 14:44:33 -------- d-----w- c:\documents and settings\hem\application data\Go PDF Reader
2012-07-04 14:44:28 -------- d-----w- c:\documents and settings\hem\local settings\application data\Playbryte
2012-07-03 15:46:26 -------- d-----w- c:\windows\system32\winrm
2012-07-03 15:46:22 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-03 15:03:28 45056 ----a-w- c:\windows\system32\unredmon.exe
2012-07-03 15:03:28 116224 ----a-w- c:\windows\system32\redmonnt.dll
2012-07-03 15:02:54 -------- d-----w- c:\documents and settings\hem\local settings\application data\Giant Savings
2012-07-03 15:02:53 -------- d-----w- c:\program files\BabylonToolbar
2012-07-03 15:02:52 -------- d-----w- c:\documents and settings\hem\application data\BabylonToolbar
2012-07-03 15:02:50 -------- d-----w- c:\program files\Giant Savings
2012-07-03 15:00:03 -------- d-----w- c:\documents and settings\hem\application data\Babylon
2012-07-03 15:00:03 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-07-02 02:35:14 -------- d-----w- c:\documents and settings\hem\local settings\application data\AVG Secure Search
2012-07-01 17:00:46 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-06-30 16:56:20 65640 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2012-06-30 16:56:20 25548 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2012-06-30 16:56:20 11368 ----a-w- c:\windows\system32\RtkCoLDRXP.dll
2012-06-30 16:44:26 -------- d-----w- c:\documents and settings\hem\application data\AVG Secure Search
2012-06-30 16:44:23 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-30 16:44:21 -------- d-----w- c:\program files\AVG Secure Search
2012-06-30 16:44:17 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-06-21 23:50:00 -------- d-----w- c:\documents and settings\hem\application data\FileOpen
2012-06-21 23:50:00 -------- d-----w- c:\documents and settings\all users\application data\FileOpen
2012-06-21 23:48:46 -------- d-----w- c:\documents and settings\hem\application data\Downloaded Installations
2012-06-20 11:59:48 -------- d-----w- c:\program files\ATT
2012-06-20 11:44:33 -------- d-----w- c:\documents and settings\hem\local settings\application data\ATTYToolbar
2012-06-20 11:44:33 -------- d-----w- c:\documents and settings\all users\application data\ATTYToolbar
2012-06-20 11:44:29 -------- d-----w- c:\program files\Yahoo!
2012-06-19 23:22:02 -------- d-----w- c:\program files\ATT-HSI
2012-06-19 23:21:50 -------- d-----w- c:\program files\common files\Motive
2012-06-13 05:22:39 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-06 21:45:45 -------- d-----w- c:\program files\Dropbox
.
==================== Find3M ====================
.
2012-07-05 15:20:58 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-07-03 21:14:54 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-07-03 21:14:54 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-07-03 21:00:33 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-23 16:25:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 16:25:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 01:25:46 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
2012-06-03 19:08:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 12:41:23.15 ===============