Jump to content

Bad search re-directs


espfrank
 Share

Recommended Posts

Malwarebytes log

07:12:29 ESP MESSAGE Scheduled update executed successfully

07:12:29 ESP MESSAGE IP Protection stopped

07:12:38 ESP MESSAGE Database updated successfully

07:12:42 ESP MESSAGE IP Protection started successfully

16:50:00 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)

16:50:03 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)

16:50:09 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)

16:56:49 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)

16:56:52 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)

16:56:58 ESP IP-BLOCK 209.212.147.218 (Type: outgoing)

DDS.txt

DDS (Ver_10-12-12.02) - NTFSx86

Run by ESP at 11:48:43.33 on Fri 02/18/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1128 [GMT -6:00]

AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Program Files\AOL 9.1\waol.exe

C:\Program Files\AOL 9.1\shellmon.exe

C:\Documents and Settings\ESP\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page =

uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315

uSearch Bar =

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem

uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe

mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"

mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: DisallowRun = 1 (0x1)

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL pyllgk.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

IFEO: image file execution options - svchost.exe

IFEO: OLT.exe - svchost.exe

Hosts: 64.46.36.163 www.google.com

Hosts: 64.46.36.163 google.com

Hosts: 64.46.36.163 google.com.au

Hosts: 64.46.36.163 www.google.com.au

Hosts: 64.46.36.163 google.be

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-15 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-15 267944]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960]

R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-31 517448]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504]

=============== Created Last 30 ================

2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 23:17:42 -------- d-----w- c:\docume~1\esp\applic~1\Avira

2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE

2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache

2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache

2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8

2011-02-15 22:34:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-02-15 22:34:27 -------- d-----w- c:\program files\Avira

2011-02-15 22:34:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-01-31 23:19:49 -------- d-----w- c:\docume~1\esp\locals~1\applic~1\AskToolbar

2011-01-31 21:57:28 -------- d-----w- c:\program files\Ask.com

2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-31 20:58:38 -------- d-----w- c:\windows\pss

2011-01-31 19:16:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP

2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba

==================== Find3M ====================

2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin

============= FINISH: 11:49:59.37 ===============

Attach.zip

Link to post
Share on other sites

Hello espfrank! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Step 1

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
    [gBd-It Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->-Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Step 2

I also see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware[-/b] since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: -http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 3

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note:It will also create a log in the C:\ directory.

In your next reply, please post these log(s):

  1. TDSSKiller log
  2. a new fresh DDS log only

Link to post
Share on other sites

Hello, Thanks for your help

While I was filling this out got one of those "Congradulations your the lucky winner" pages - this is not the first time that this BS has been going on.

2011/02/20 10:48:34.0531 4512 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20

2011/02/20 10:48:34.0750 4512 ================================================================================

2011/02/20 10:48:34.0750 4512 SystemInfo:

2011/02/20 10:48:34.0750 4512

2011/02/20 10:48:34.0750 4512 OS Version: 5.1.2600 ServicePack: 3.0

2011/02/20 10:48:34.0750 4512 Product type: Workstation

2011/02/20 10:48:34.0750 4512 ComputerName: D531A

2011/02/20 10:48:34.0750 4512 UserName: ESP

2011/02/20 10:48:34.0750 4512 Windows directory: C:\WINDOWS

2011/02/20 10:48:34.0750 4512 System windows directory: C:\WINDOWS

2011/02/20 10:48:34.0750 4512 Processor architecture: Intel x86

2011/02/20 10:48:34.0750 4512 Number of processors: 2

2011/02/20 10:48:34.0750 4512 Page size: 0x1000

2011/02/20 10:48:34.0750 4512 Boot type: Normal boot

2011/02/20 10:48:34.0750 4512 ================================================================================

2011/02/20 10:48:35.0031 4512 Initialize success

2011/02/20 10:48:50.0359 2464 ================================================================================

2011/02/20 10:48:50.0359 2464 Scan started

2011/02/20 10:48:50.0359 2464 Mode: Manual;

2011/02/20 10:48:50.0359 2464 ================================================================================

2011/02/20 10:48:50.0640 2464 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

2011/02/20 10:48:50.0687 2464 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/02/20 10:48:50.0765 2464 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/02/20 10:48:50.0796 2464 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/02/20 10:48:50.0843 2464 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/02/20 10:48:50.0890 2464 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/02/20 10:48:50.0937 2464 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/02/20 10:48:50.0984 2464 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/02/20 10:48:51.0000 2464 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/02/20 10:48:51.0015 2464 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/02/20 10:48:51.0046 2464 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/02/20 10:48:51.0078 2464 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/02/20 10:48:51.0125 2464 akshasp (3f9f42085ab5b6a55498a539c54575ab) C:\WINDOWS\system32\DRIVERS\akshasp.sys

2011/02/20 10:48:51.0140 2464 aksusb (d2b95315cc47f9230006fdbcba394d8d) C:\WINDOWS\system32\DRIVERS\aksusb.sys

2011/02/20 10:48:51.0171 2464 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/02/20 10:48:51.0218 2464 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/02/20 10:48:51.0234 2464 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/02/20 10:48:51.0265 2464 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/02/20 10:48:51.0328 2464 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2011/02/20 10:48:51.0359 2464 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

2011/02/20 10:48:51.0406 2464 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/02/20 10:48:51.0437 2464 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/02/20 10:48:51.0453 2464 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/02/20 10:48:51.0484 2464 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/02/20 10:48:51.0546 2464 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/02/20 10:48:51.0578 2464 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/02/20 10:48:51.0703 2464 ati2mtag (4f1d98c5faa232d89f479aa2f6ef4196) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/02/20 10:48:51.0781 2464 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/02/20 10:48:51.0812 2464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/02/20 10:48:51.0843 2464 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

2011/02/20 10:48:51.0937 2464 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/02/20 10:48:51.0984 2464 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

2011/02/20 10:48:52.0015 2464 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2011/02/20 10:48:52.0062 2464 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/02/20 10:48:52.0125 2464 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

2011/02/20 10:48:52.0203 2464 bcm (abadc13ec1ecee9301b5190bfd84d8f1) C:\WINDOWS\system32\DRIVERS\drxvi314.sys

2011/02/20 10:48:52.0265 2464 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/02/20 10:48:52.0296 2464 bcmbusctr (1388d943da2692f8f76b9a8b48be3932) C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys

2011/02/20 10:48:52.0328 2464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/02/20 10:48:52.0406 2464 btaudio (3bc0afbd546162fe6ed6ccb15befad73) C:\WINDOWS\system32\drivers\btaudio.sys

2011/02/20 10:48:52.0437 2464 BTDriver (1d25fb8b6b073e6f4fb51034f734ea2c) C:\WINDOWS\system32\DRIVERS\btport.sys

2011/02/20 10:48:52.0500 2464 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

2011/02/20 10:48:52.0531 2464 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

2011/02/20 10:48:52.0578 2464 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys

2011/02/20 10:48:52.0609 2464 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

2011/02/20 10:48:52.0687 2464 BTKRNL (9515d10ceaf284ab1a21934e1958d4fd) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2011/02/20 10:48:52.0734 2464 BTSERIAL (af3cc52fc040a402a6ad07ac1bd4fe76) C:\WINDOWS\system32\drivers\btserial.sys

2011/02/20 10:48:52.0765 2464 BTSLBCSP (e233ae94f1b66ddbfbca9566d0f7fdba) C:\WINDOWS\system32\drivers\btslbcsp.sys

2011/02/20 10:48:52.0828 2464 BTWDNDIS (66bff2643e5f6a0f80208dde1c4b653a) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2011/02/20 10:48:52.0859 2464 btwhid (0d8faae0fc0515b6f3b6884b1592de8d) C:\WINDOWS\system32\DRIVERS\btwhid.sys

2011/02/20 10:48:52.0921 2464 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/02/20 10:48:52.0953 2464 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/02/20 10:48:52.0968 2464 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/02/20 10:48:53.0015 2464 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/02/20 10:48:53.0046 2464 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/02/20 10:48:53.0062 2464 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/02/20 10:48:53.0109 2464 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/02/20 10:48:53.0156 2464 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/02/20 10:48:53.0250 2464 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/02/20 10:48:53.0265 2464 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/02/20 10:48:53.0312 2464 cm_net (8be938fe04e3a9d091f379c1d5f4b873) C:\WINDOWS\system32\DRIVERS\cm_net.sys

2011/02/20 10:48:53.0359 2464 cm_ser (33f77f7cb2c2efe34b3bc9cc716f73f3) C:\WINDOWS\system32\DRIVERS\cm_ser.sys

2011/02/20 10:48:53.0390 2464 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/02/20 10:48:53.0437 2464 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/02/20 10:48:53.0468 2464 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/02/20 10:48:53.0500 2464 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/02/20 10:48:53.0531 2464 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/02/20 10:48:53.0593 2464 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS

2011/02/20 10:48:53.0609 2464 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2011/02/20 10:48:53.0671 2464 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2011/02/20 10:48:53.0687 2464 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS

2011/02/20 10:48:53.0718 2464 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2011/02/20 10:48:53.0734 2464 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2011/02/20 10:48:53.0765 2464 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2011/02/20 10:48:53.0796 2464 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS

2011/02/20 10:48:53.0843 2464 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2011/02/20 10:48:53.0875 2464 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2011/02/20 10:48:53.0937 2464 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/02/20 10:48:53.0968 2464 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/02/20 10:48:54.0000 2464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/02/20 10:48:54.0031 2464 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/02/20 10:48:54.0109 2464 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2011/02/20 10:48:54.0140 2464 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys

2011/02/20 10:48:54.0171 2464 dot4ufd (0a57b5876530febb4ebf6ad501864f96) C:\WINDOWS\system32\DRIVERS\hppaufd0.sys

2011/02/20 10:48:54.0203 2464 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/02/20 10:48:54.0250 2464 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/02/20 10:48:54.0281 2464 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2011/02/20 10:48:54.0328 2464 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2011/02/20 10:48:54.0375 2464 DXEC01 (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys

2011/02/20 10:48:54.0390 2464 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/02/20 10:48:54.0437 2464 ENUM1394 (80d1b490b60e74e002dc116ec5d41748) C:\WINDOWS\system32\DRIVERS\enum1394.sys

2011/02/20 10:48:54.0484 2464 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/02/20 10:48:54.0531 2464 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/02/20 10:48:54.0562 2464 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB011D.SYS

2011/02/20 10:48:54.0609 2464 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/02/20 10:48:54.0671 2464 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/02/20 10:48:54.0703 2464 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/02/20 10:48:54.0734 2464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/02/20 10:48:54.0796 2464 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/02/20 10:48:54.0828 2464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/02/20 10:48:54.0875 2464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/02/20 10:48:54.0921 2464 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys

2011/02/20 10:48:54.0968 2464 havabus (47004d039aa229b6a2821165c06083ce) C:\WINDOWS\system32\DRIVERS\havabus.sys

2011/02/20 10:48:55.0000 2464 havanet (7778ffb3c7232c274d72c16493607cbd) C:\WINDOWS\system32\DRIVERS\havanet.sys

2011/02/20 10:48:55.0031 2464 HAVATV (5f93bcc70790f3e029a2591e94b4ef8e) C:\WINDOWS\system32\DRIVERS\HAVATV.sys

2011/02/20 10:48:55.0062 2464 HavaTV_10 (5f93bcc70790f3e029a2591e94b4ef8e) C:\WINDOWS\system32\DRIVERS\HavaTV_10.sys

2011/02/20 10:48:55.0109 2464 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/02/20 10:48:55.0140 2464 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/02/20 10:48:55.0187 2464 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\WINDOWS\system32\drivers\hpfxbulk.sys

2011/02/20 10:48:55.0250 2464 HPFXFAX (f728db73a87231e27b6ba34d71ce2edb) C:\WINDOWS\system32\drivers\hpfxfax.sys

2011/02/20 10:48:55.0296 2464 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/02/20 10:48:55.0375 2464 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/02/20 10:48:55.0453 2464 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2011/02/20 10:48:55.0500 2464 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

2011/02/20 10:48:55.0546 2464 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/02/20 10:48:55.0562 2464 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/02/20 10:48:55.0609 2464 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/02/20 10:48:55.0640 2464 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/02/20 10:48:55.0671 2464 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/02/20 10:48:55.0718 2464 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/02/20 10:48:55.0781 2464 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/02/20 10:48:55.0812 2464 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/02/20 10:48:55.0843 2464 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/02/20 10:48:55.0890 2464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/02/20 10:48:55.0937 2464 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/02/20 10:48:55.0968 2464 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/02/20 10:48:56.0000 2464 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/02/20 10:48:56.0031 2464 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/02/20 10:48:56.0062 2464 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/02/20 10:48:56.0093 2464 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/02/20 10:48:56.0125 2464 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/02/20 10:48:56.0171 2464 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/02/20 10:48:56.0218 2464 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/02/20 10:48:56.0328 2464 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys

2011/02/20 10:48:56.0359 2464 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys

2011/02/20 10:48:56.0421 2464 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/02/20 10:48:56.0468 2464 MLPTDR_B (124aaf5d2a58e00c05019b0fb77c0966) C:\WINDOWS\system32\MLPTDR_B.SYS

2011/02/20 10:48:56.0578 2464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/02/20 10:48:56.0625 2464 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/02/20 10:48:56.0671 2464 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

2011/02/20 10:48:56.0718 2464 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/02/20 10:48:56.0765 2464 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/02/20 10:48:56.0796 2464 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/02/20 10:48:56.0843 2464 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/02/20 10:48:56.0875 2464 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/02/20 10:48:56.0937 2464 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/02/20 10:48:56.0984 2464 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

2011/02/20 10:48:57.0031 2464 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/02/20 10:48:57.0078 2464 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/02/20 10:48:57.0093 2464 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/02/20 10:48:57.0125 2464 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/02/20 10:48:57.0156 2464 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/02/20 10:48:57.0187 2464 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/02/20 10:48:57.0218 2464 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/02/20 10:48:57.0265 2464 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/02/20 10:48:57.0296 2464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/02/20 10:48:57.0328 2464 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/02/20 10:48:57.0359 2464 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/02/20 10:48:57.0406 2464 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/02/20 10:48:57.0421 2464 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/02/20 10:48:57.0484 2464 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/02/20 10:48:57.0500 2464 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/02/20 10:48:57.0531 2464 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/02/20 10:48:57.0593 2464 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/02/20 10:48:57.0640 2464 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\WINDOWS\system32\DRIVERS\pctnullport.sys

2011/02/20 10:48:57.0671 2464 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/02/20 10:48:57.0750 2464 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/02/20 10:48:57.0796 2464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/02/20 10:48:57.0875 2464 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/02/20 10:48:58.0000 2464 NWADI (0973c0c696780161f4526586d5eac422) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

2011/02/20 10:48:58.0031 2464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/02/20 10:48:58.0046 2464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/02/20 10:48:58.0109 2464 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/02/20 10:48:58.0140 2464 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/02/20 10:48:58.0156 2464 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/02/20 10:48:58.0218 2464 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/02/20 10:48:58.0265 2464 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys

2011/02/20 10:48:58.0296 2464 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys

2011/02/20 10:48:58.0328 2464 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/02/20 10:48:58.0375 2464 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/02/20 10:48:58.0390 2464 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/02/20 10:48:58.0421 2464 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\WINDOWS\system32\PCTINDIS5.SYS

2011/02/20 10:48:58.0531 2464 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/02/20 10:48:58.0562 2464 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/02/20 10:48:58.0656 2464 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys

2011/02/20 10:48:58.0718 2464 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/02/20 10:48:58.0750 2464 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/02/20 10:48:58.0781 2464 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/02/20 10:48:58.0812 2464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/02/20 10:48:58.0843 2464 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/02/20 10:48:59.0140 2464 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/02/20 10:48:59.0156 2464 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/02/20 10:48:59.0203 2464 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/02/20 10:48:59.0234 2464 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/02/20 10:48:59.0250 2464 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/02/20 10:48:59.0281 2464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/02/20 10:48:59.0343 2464 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/02/20 10:48:59.0359 2464 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/02/20 10:48:59.0390 2464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/02/20 10:48:59.0421 2464 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/02/20 10:48:59.0437 2464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/02/20 10:48:59.0484 2464 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/02/20 10:48:59.0531 2464 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/02/20 10:48:59.0593 2464 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/02/20 10:48:59.0640 2464 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

2011/02/20 10:48:59.0703 2464 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys

2011/02/20 10:48:59.0734 2464 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2011/02/20 10:48:59.0765 2464 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/02/20 10:48:59.0890 2464 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/02/20 10:48:59.0953 2464 Ser2pl (2ec41a96d0dc98bd119bf325e0b9f392) C:\WINDOWS\system32\DRIVERS\ser2pl.sys

2011/02/20 10:49:00.0000 2464 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/02/20 10:49:00.0031 2464 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/02/20 10:49:00.0062 2464 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/02/20 10:49:00.0156 2464 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/02/20 10:49:00.0203 2464 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/02/20 10:49:00.0234 2464 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/02/20 10:49:00.0281 2464 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/02/20 10:49:00.0328 2464 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/02/20 10:49:00.0406 2464 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/02/20 10:49:00.0453 2464 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/02/20 10:49:00.0531 2464 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

2011/02/20 10:49:00.0593 2464 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/02/20 10:49:00.0625 2464 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/02/20 10:49:00.0671 2464 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/02/20 10:49:00.0703 2464 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\WINDOWS\System32\drivers\swmsflt.sys

2011/02/20 10:49:00.0750 2464 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/02/20 10:49:00.0796 2464 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/02/20 10:49:00.0828 2464 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/02/20 10:49:00.0843 2464 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/02/20 10:49:00.0890 2464 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/02/20 10:49:00.0937 2464 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/02/20 10:49:00.0984 2464 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/02/20 10:49:01.0046 2464 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/02/20 10:49:01.0109 2464 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/02/20 10:49:01.0140 2464 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/02/20 10:49:01.0187 2464 TVICHW32 (e266683fc95abdec17cd378564e1b54b) C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS

2011/02/20 10:49:01.0234 2464 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/02/20 10:49:01.0296 2464 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/02/20 10:49:01.0375 2464 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/02/20 10:49:01.0406 2464 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/02/20 10:49:01.0437 2464 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/02/20 10:49:01.0468 2464 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/02/20 10:49:01.0515 2464 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/02/20 10:49:01.0531 2464 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/02/20 10:49:01.0578 2464 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/02/20 10:49:01.0625 2464 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/02/20 10:49:01.0640 2464 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/02/20 10:49:01.0703 2464 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/02/20 10:49:01.0750 2464 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/02/20 10:49:01.0796 2464 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/02/20 10:49:01.0828 2464 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/02/20 10:49:01.0875 2464 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/02/20 10:49:01.0921 2464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/02/20 10:49:01.0953 2464 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/02/20 10:49:01.0984 2464 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys

2011/02/20 10:49:02.0031 2464 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

2011/02/20 10:49:02.0078 2464 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/02/20 10:49:02.0140 2464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/02/20 10:49:02.0203 2464 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/02/20 10:49:02.0281 2464 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/02/20 10:49:02.0328 2464 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys

2011/02/20 10:49:02.0359 2464 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/02/20 10:49:02.0406 2464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/02/20 10:49:02.0437 2464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/02/20 10:49:02.0625 2464 ================================================================================

2011/02/20 10:49:02.0625 2464 Scan finished

2011/02/20 10:49:02.0625 2464 ================================================================================

DDS.txt contents

DDS (Ver_10-12-12.02) - NTFSx86

Run by ESP at 10:51:37.57 on Sun 02/20/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1141 [GMT -6:00]

AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\Program Files\HP\HP UT\bin\hppusg.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AOL 9.1\waol.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Program Files\AOL 9.1\shellmon.exe

C:\Documents and Settings\ESP\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page =

uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315

uSearch Bar =

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem

uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe

mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"

mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: DisallowRun = 1 (0x1)

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL pyllgk.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

IFEO: image file execution options - svchost.exe

IFEO: OLT.exe - svchost.exe

Hosts: 64.46.36.163 www.google.com

Hosts: 64.46.36.163 google.com

Hosts: 64.46.36.163 google.com.au

Hosts: 64.46.36.163 www.google.com.au

Hosts: 64.46.36.163 google.be

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-15 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-15 267944]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960]

R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-31 517448]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504]

=============== Created Last 30 ================

2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro

2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 23:17:42 -------- d-----w- c:\docume~1\esp\applic~1\Avira

2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE

2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache

2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache

2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8

2011-02-15 22:34:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-02-15 22:34:27 -------- d-----w- c:\program files\Avira

2011-02-15 22:34:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-31 20:58:38 -------- d-----w- c:\windows\pss

2011-01-31 19:16:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP

2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba

==================== Find3M ====================

2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin

============= FINISH: 10:52:52.93 ===============

Link to post
Share on other sites

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click [bF0-Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, please post the following logs:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log only

Link to post
Share on other sites

Here yeah go....

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5822

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/20/2011 1:58:06 PM

mbam-log-2011-02-20 (13-58-06).txt

Scan type: Quick scan

Objects scanned: 175869

Time elapsed: 10 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Latest DDS

DDS (Ver_10-12-12.02) - NTFSx86

Run by ESP at 15:48:52.34 on Sun 02/20/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.939 [GMT -6:00]

AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\KADxMain.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AOL 9.1\waol.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Program Files\AOL 9.1\shellmon.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\ESP\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page =

uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315

uSearch Bar =

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program

files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program

files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program

files\avg\avg10\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google

toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat

8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem

uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe

mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"

mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org

2.4\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth

software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital

imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common

files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common

files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks

2011\QBW32.EXE

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: DisallowRun = 1 (0x1)

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat

8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat

8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google

toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program

files\java\jre1.6.0_04\bin\ssv.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar

5.0\aoltb.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks

2011\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL pyllgk.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

IFEO: image file execution options - svchost.exe

IFEO: OLT.exe - svchost.exe

Hosts: 64.46.36.163 www.google.com

Hosts: 64.46.36.163 google.com

Hosts: 64.46.36.163 google.com.au

Hosts: 64.46.36.163 www.google.com.au

Hosts: 64.46.36.163 google.be

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla

firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -

c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -

%profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-2-15 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-15 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-15 267944]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-15 61960]

R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg10\identity protection\agent\bin\avgidsagent.exe" --> c:\program

files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [?]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe

[2009-5-26 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-31

517448]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504]

=============== Created Last 30 ================

2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint

2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro

2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 23:17:42 -------- d-----w- c:\docume~1\esp\applic~1\Avira

2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE

2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache

2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache

2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8

2011-02-15 22:34:28 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-02-15 22:34:27 -------- d-----w- c:\program files\Avira

2011-02-15 22:34:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-31 20:58:38 -------- d-----w- c:\windows\pss

2011-01-31 19:16:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar

2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP

2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba

==================== Find3M ====================

2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin

============= FINISH: 15:49:50.70 ===============

Link to post
Share on other sites

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    ----------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

Hi,

Tried running Combo-fix. Got error stating to remove AVG - Avg is not listed in my programs for removal. How should I proceed?

Also when I was shutting off firewall - "Smart Internet Protection" is listed as running... This program showed up a couple of weeks ago. Thought Malwarebytes had removed it.... but there must be some lingering parts. I don't know how to remove this or shut off.

Link to post
Share on other sites

ran AVG removal - here is latest DDS thanks

DDS (Ver_10-12-12.02) - NTFSx86

Run by ESP at 18:06:44.79 on Sun 02/20/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1163 [GMT -6:00]

AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}

FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\Program Files\AOL 9.1\waol.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\AOL 9.1\shellmon.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Documents and Settings\ESP\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page =

uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315

uSearch Bar =

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem

uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe

mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"

mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: DisallowRun = 1 (0x1)

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

IFEO: image file execution options - svchost.exe

IFEO: OLT.exe - svchost.exe

Hosts: 64.46.36.163 www.google.com

Hosts: 64.46.36.163 google.com

Hosts: 64.46.36.163 google.com.au

Hosts: 64.46.36.163 www.google.com.au

Hosts: 64.46.36.163 google.be

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504]

SUnknown AVG Security Toolbar Service;AVG Security Toolbar Service; [x]

=============== Created Last 30 ================

2011-02-20 22:38:50 -------- d-----w- c:\program files\MetaStream

2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint

2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro

2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE

2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache

2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache

2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8

2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-31 20:58:38 -------- d-----w- c:\windows\pss

2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP

2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba

==================== Find3M ====================

2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin

============= FINISH: 18:07:49.70 ===============

Link to post
Share on other sites

Thanks!

Still there are some leftovers, so let's try another way. Please download and install the latest version of AppRemover:

http://www.appremover.com/get/appremover.exe

Then follow the instructions here:

http://www.appremover.com/faq/about/using-appremover.html

Just use Clean Up a Failed Uninstall.

Finally, post a new fresh DDS log file only.

Link to post
Share on other sites

ran AVG removal - here is latest DDS thanks

DDS (Ver_10-12-12.02) - NTFSx86

Run by ESP at 18:06:44.79 on Sun 02/20/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1163 [GMT -6:00]

AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}

FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\Program Files\AOL 9.1\waol.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\AOL 9.1\shellmon.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Documents and Settings\ESP\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page =

uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315

uSearch Bar =

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem

uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe

mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"

mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: DisallowRun = 1 (0x1)

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

IFEO: image file execution options - svchost.exe

IFEO: OLT.exe - svchost.exe

Hosts: 64.46.36.163 www.google.com

Hosts: 64.46.36.163 google.com

Hosts: 64.46.36.163 google.com.au

Hosts: 64.46.36.163 www.google.com.au

Hosts: 64.46.36.163 google.be

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504]

SUnknown AVG Security Toolbar Service;AVG Security Toolbar Service; [x]

=============== Created Last 30 ================

2011-02-20 22:38:50 -------- d-----w- c:\program files\MetaStream

2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint

2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro

2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE

2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache

2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache

2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8

2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-31 20:58:38 -------- d-----w- c:\windows\pss

2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP

2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba

==================== Find3M ====================

2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin

============= FINISH: 18:07:49.70 ===============

Link to post
Share on other sites

Thanks!

Open Notepad and copy and paste the text in the code box below into it:

KillAll::

SecCenter::
AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}
FW: Smart Internet Protection 2011 *Enabled*

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Link to post
Share on other sites

Good Morning... Ran Appremover, Clean Up - It did not find any programs.

02-22-11 DDS

DDS (Ver_10-12-12.02) - NTFSx86

Run by ESP at 10:36:23.40 on Mon 02/21/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.995 [GMT -6:00]

AV: Smart Internet Protection 2011 *Enabled/Updated* {5FF1745D-232A-473B-9B5A-7D2C2C8E9715}

FW: Smart Internet Protection 2011 *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\AOL\1218650315\ee\AOLSoftware.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Brownie\BrstsWnd.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Brownie\Brnipmon.exe

C:\Program Files\AOL 9.1\waol.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\AOL 9.1\shellmon.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\ESP\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page =

uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080315

uSearch Bar =

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant =

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe

uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"

uRun: [Registry Cleaner Scheduler] "e:\cleanmypc\registry cleaner\RCHelper.exe" /startup

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\esp\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem

uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

mRun: [KADxMain] c:\windows\system32\KADxMain.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HostManager] c:\program files\common files\aol\1218650315\ee\AOLSoftware.exe

mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"

mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRun: [brStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [<NO NAME>]

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\esp\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: DisallowRun = 1 (0x1)

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1296517823562

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://plugin.driveragent.com/files/driveragent.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll

Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 wvauth

IFEO: image file execution options - svchost.exe

IFEO: OLT.exe - svchost.exe

Hosts: 64.46.36.163 www.google.com

Hosts: 64.46.36.163 google.com

Hosts: 64.46.36.163 google.com.au

Hosts: 64.46.36.163 www.google.com.au

Hosts: 64.46.36.163 google.be

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\esp\applic~1\mozilla\firefox\profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\esp\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\esp\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1591.6512\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]

R2 havasvc;HAVA Service;c:\program files\monsoon multimedia\hava\common\havasvc.exe [2009-8-27 145408]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-9 363344]

R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2010-12-2 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-10 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [2009-1-13 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [2009-1-13 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [2009-4-23 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [2009-4-23 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-9 20952]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2008-8-15 20064]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-6-24 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-6-24 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-10-17 20504]

SUnknown AVG Security Toolbar Service;AVG Security Toolbar Service; [x]

=============== Created Last 30 ================

2011-02-20 22:38:50 -------- d-----w- c:\program files\MetaStream

2011-02-20 18:54:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint

2011-02-19 23:32:45 -------- d-----w- c:\program files\trend micro

2011-02-17 23:18:19 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 17:15:35 -------- d-sh--w- c:\documents and settings\esp\PrivacIE

2011-02-16 21:24:51 -------- d-sh--w- c:\documents and settings\esp\IECompatCache

2011-02-16 16:50:58 -------- d-sh--w- c:\documents and settings\esp\IETldCache

2011-02-16 16:41:43 -------- dc-h--w- c:\windows\ie8

2011-02-01 20:02:08 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59:35 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59:15 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58:52 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58:42 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58:42 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58:42 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58:31 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57:44 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56:56 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54:38 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54:38 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54:29 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53:21 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51:59 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51:59 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51:59 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51:59 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51:59 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51:59 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51:59 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51:59 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51:58 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51:58 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51:52 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50:45 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28:33 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-01-31 21:57:25 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-31 20:58:38 -------- d-----w- c:\windows\pss

2011-01-31 17:14:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

2011-01-31 14:59:26 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SITVVDHRP

2011-01-31 14:59:05 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\66b0ba

==================== Find3M ====================

2011-01-05 21:22:45 256 ----a-w- c:\windows\system32\pool.bin

============= FINISH: 10:36:48.32 ===============

Link to post
Share on other sites

Hi,

Combo-fix appears to not be running... it is in Autoscan for over 20 minutes = however hard drive is not spinning.

Screen says...

"Scanning for infected files . . .

This typically doesn't take more than 10 minutes

However, scan times for badly infected machines may easily double."

I dragged the CSScript file to Compbo-fix

got message that Smart Internet Protection had to be removed - went ahead with at your own risk - thinking the script was meant to kill it

It asked to download a program from Microsoft so I did so.... it started scan but not action now for 30 minutes.

Allow though yesterday I disabled Malwarebytes - I think it may be active right now - don't know why - also the windows firewall is enabled right now.

How should I proceed. This post is from second computer. I will not touch infected computer till I hear from you. Thanks

Link to post
Share on other sites

* Go to start > run and type: wbemtest > hit enter

* There, click connect

* In the field on top, where it says "root\default", type root\SecurityCenter instead, then click the connect button.

* Below, click the "Query... " button

* In the query box, type: Select * From AntivirusProduct and hit apply.

* In there, select the entry with the guid {5FF1745D-232A-473B-9B5A-7D2C2C8E9715} and hit delete below. Then close that window.

Try again with ComboFix.

Link to post
Share on other sites

Combo-Fix Log

ComboFix 11-02-16.01 - ESP 02/21/2011 12:49:26.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1059 [GMT -6:00]

Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe

FW: Smart Internet Protection 2011 *Enabled* {4EDF61D5-D7DA-4FA3-A96D-42F6B3B941CA}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\Toolbar4

c:\documents and settings\ESP\Recent\ANTIGEN.exe

c:\documents and settings\ESP\Recent\ANTIGEN.sys

c:\documents and settings\ESP\Recent\cb.dll

c:\documents and settings\ESP\Recent\cb.tmp

c:\documents and settings\ESP\Recent\DBOLE.tmp

c:\documents and settings\ESP\Recent\ddv.exe

c:\documents and settings\ESP\Recent\ddv.sys

c:\documents and settings\ESP\Recent\eb.dll

c:\documents and settings\ESP\Recent\energy.tmp

c:\documents and settings\ESP\Recent\exec.dll

c:\documents and settings\ESP\Recent\fan.tmp

c:\documents and settings\ESP\Recent\FS.tmp

c:\documents and settings\ESP\Recent\kernel32.tmp

c:\documents and settings\ESP\Recent\PE.exe

c:\documents and settings\ESP\Recent\PE.sys

c:\documents and settings\ESP\Recent\ppal.dll

c:\documents and settings\ESP\Recent\ppal.tmp

c:\documents and settings\ESP\Recent\SM.exe

c:\documents and settings\ESP\Recent\tjd.dll

c:\documents and settings\ESP\Recent\tjd.tmp

C:\LOG13D.tmp

C:\LOG13E.tmp

C:\LOG26D.tmp

c:\windows\system32\bszip.dll

c:\windows\system32\gotomon.log

c:\windows\system32\ijomehad.ini

.

((((((((((((((((((((((((( Files Created from 2011-01-21 to 2011-02-21 )))))))))))))))))))))))))))))))

.

2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream

2011-02-20 18:54 . 2011-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro

2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit

2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE

2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache

2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache

2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8

2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator

2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-01-31 14:59 . 2011-01-31 14:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SITVVDHRP

2011-01-31 14:59 . 2011-01-31 21:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\66b0ba

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-21 19:09 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat

2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176]

"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]

"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]

"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824]

"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\ESP\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688]

Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]

2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]

2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"=

"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=

"c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1778:UDP"= 1778:UDP:HAVA Service

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]

R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344]

R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-02-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-02-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37]

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job

- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job

- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Registry Cleaner Scheduler - e:\cleanmypc\Registry Cleaner\RCHelper.exe

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

MSConfigStartUp-Smart Internet Protection 2011 - c:\documents and settings\All Users\Application Data\66b0ba\SI66b_290.exe

AddRemove-CleanMyPC - Registry Cleaner_is1 - e:\cleanmypc\Registry Cleaner\unins000.exe

AddRemove-FxFoto - e:\fxfoto\FxViewer.exe

AddRemove-TriscapeFxFoto - e:\fxfoto\FxViewer.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-21 13:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)

c:\windows\system32\Ati2evxx.dll

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(8904)

c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\windows\system32\CDRTC.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Citrix\GoToMyPC\g2svc.exe

c:\program files\Citrix\GoToMyPC\g2comm.exe

c:\program files\Citrix\GoToMyPC\g2pre.exe

c:\program files\Citrix\GoToMyPC\g2tray.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe

c:\program files\Apoint\ApMsgFwd.exe

c:\program files\Apoint\HidFind.exe

c:\program files\Apoint\Apntex.exe

c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

c:\windows\system32\rundll32.exe

c:\program files\AOL 9.1\waol.exe

c:\windows\system32\StacSV.exe

c:\program files\OpenOffice.org 2.4\program\soffice.exe

c:\program files\OpenOffice.org 2.4\program\soffice.BIN

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\fxssvc.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\msdtc.exe

c:\program files\Java\jre1.6.0_04\bin\jucheck.exe

c:\program files\AOL 9.1\shellmon.exe

.

**************************************************************************

.

Completion time: 2011-02-21 13:27:01 - machine was rebooted

ComboFix-quarantined-files.txt 2011-02-21 19:26

Pre-Run: 23,816,826,880 bytes free

Post-Run: 26,938,040,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A7CC3A69AA9E5EEF268C540BF8780194

Link to post
Share on other sites

Open Notepad and copy and paste the text in the code box below into it:

SecCenter::

FW: Smart Internet Protection 2011 *Enabled* {4EDF61D5-D7DA-4FA3-A96D-42F6B3B941CA}

DirLook::

c:\documents and settings\All Users\Application Data\SITVVDHRP

c:\documents and settings\All Users\Application Data\66b0ba

DDS::

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

Link to post
Share on other sites

Welcome back,

For some reason I was unable to turn off windows firewall before doing this.

I tried running combo-fix with new script. It asked me to update Combo-fix. I did update. It started to run scan... it wanted me to install windows recovery. even though I did yesterday. I installed. Scan Started got error message

bcmwltry

Application failed to inialize properly 0xc0000142

I clicked ok

Another error message came up for findste.exe

I clicked ok

combo-fix scan screen disappeared.

Awaiting your commands Thanks

Link to post
Share on other sites

This was done with running a new combo-fix (not dragging in script)

ComboFix 11-02-21.02 - ESP 02/22/2011 11:17:12.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1044 [GMT -6:00]

Running from: c:\documents and settings\ESP\Desktop\Combo-Fix.exe

.

((((((((((((((((((((((((( Files Created from 2011-01-22 to 2011-02-22 )))))))))))))))))))))))))))))))

.

2011-02-20 22:38 . 2011-02-20 22:38 -------- d-----w- c:\program files\MetaStream

2011-02-20 18:54 . 2011-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- c:\program files\trend micro

2011-02-19 23:32 . 2011-02-19 23:37 -------- d-----w- C:\rsit

2011-02-17 23:18 . 2011-02-18 00:49 -------- d-----w- c:\windows\system32\NtmsData

2011-02-17 17:15 . 2011-02-17 17:15 -------- d-sh--w- c:\documents and settings\ESP\PrivacIE

2011-02-16 21:24 . 2011-02-16 21:24 -------- d-sh--w- c:\documents and settings\ESP\IECompatCache

2011-02-16 16:50 . 2011-02-16 16:50 -------- d-sh--w- c:\documents and settings\ESP\IETldCache

2011-02-16 16:41 . 2011-02-16 16:43 -------- dc-h--w- c:\windows\ie8

2011-02-01 20:02 . 2011-02-01 20:02 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-31 23:59 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-01-31 23:59 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-01-31 23:58 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2011-01-31 23:58 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-01-31 23:58 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-01-31 23:58 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-01-31 23:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-01-31 23:57 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

2011-01-31 23:56 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

2011-01-31 23:54 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

2011-01-31 23:54 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll

2011-01-31 23:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

2011-01-31 23:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

2011-01-31 23:51 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll

2011-01-31 23:51 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll

2011-01-31 23:51 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll

2011-01-31 23:51 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll

2011-01-31 23:51 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll

2011-01-31 23:51 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe

2011-01-31 23:51 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe

2011-01-31 23:51 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe

2011-01-31 23:51 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll

2011-01-31 23:51 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll

2011-01-31 23:51 . 2010-08-13 12:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-01-31 23:51 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe

2011-01-31 23:50 . 2009-08-07 01:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-01-31 23:28 . 2011-02-20 16:35 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-31 23:28 . 2011-02-14 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-01-31 21:57 . 2011-01-31 21:57 -------- d-----w- c:\program files\Advanced Registry Optimizer

2011-01-31 21:46 . 2011-01-31 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-01-31 17:46 . 2011-01-31 18:14 -------- d-----w- c:\documents and settings\Administrator

2011-01-31 17:14 . 2011-02-21 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10

2011-01-31 14:59 . 2011-01-31 14:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SITVVDHRP

2011-01-31 14:59 . 2011-01-31 21:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\66b0ba

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-22 17:03 . 2008-03-18 21:53 0 ----a-w- c:\documents and settings\ESP\Local Settings\Application Data\WavXMapDrive.bat

2010-12-21 00:09 . 2009-03-09 16:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-21 00:08 . 2009-03-09 16:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248]

"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"Google Update"="c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-14 136176]

"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]

"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]

"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2010-09-24 58808]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-15 1838592]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"HostManager"="c:\program files\Common Files\AOL\1218650315\ee\AOLSoftware.exe" [2008-06-24 41824]

"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2010-09-23 738776]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]

"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-11-10 1457928]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-21 443728]

c:\documents and settings\ESP\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-15 50688]

Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2002-1-9 200704]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-12-2 5776648]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-2 1156384]

QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2010-12-2 1178400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]

2010-07-26 18:42 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]

2009-12-02 17:21 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]

2009-12-02 21:32 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\aol\\1218650315\\ee\\aolsoftware.exe"=

"c:\\Program Files\\AOL 9.1\\waol.exe"=

"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\ADS nas drive manual\\Driver\\ADS_20TECH\\ADS TECH\\PNMD.EXE"=

"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\BaxelData\\Cue Player Premium\\cueplayer.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\ESP\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2011\\QBDBMgrN.exe"=

"c:\\Documents and Settings\\ESP\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1778:UDP"= 1778:UDP:HAVA Service

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 1:21 PM 79432]

R2 havasvc;HAVA Service;c:\program files\Monsoon Multimedia\HAVA\Common\havasvc.exe [8/27/2009 6:21 PM 145408]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/9/2009 10:40 AM 363344]

R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [12/2/2010 1:02 PM 1251840]

R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 1:16 PM 93960]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/10/2004 12:50 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 11:32 AM 97536]

R3 havabus;HAVA Bus Enumerator;c:\windows\system32\drivers\havabus.sys [1/13/2009 2:44 PM 37376]

R3 havanet;HAVA NDIS Protocol Driver;c:\windows\system32\drivers\havanet.sys [1/13/2009 2:44 PM 20480]

R3 HAVATV;Hava Video Device;c:\windows\system32\drivers\HavaTV.sys [4/23/2009 5:49 PM 324224]

R3 HavaTV_10;Hava Remote Video Device;c:\windows\system32\drivers\HavaTV_10.sys [4/23/2009 5:49 PM 324224]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/9/2009 10:40 AM 20952]

S2 gupdate1c9de4aaaa66eb0;Google Update Service (gupdate1c9de4aaaa66eb0);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 3:40 PM 133104]

S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [8/15/2008 9:45 AM 20064]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [9/3/2009 11:06 AM 280576]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [9/3/2009 11:06 AM 51456]

S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [6/24/2010 7:42 PM 112640]

S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [6/24/2010 7:43 PM 103680]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/17/2010 12:45 PM 20504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2011-02-22 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 21:37]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 21:40]

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006Core.job

- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]

2011-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4266526267-4164716228-2054506063-1006UA.job

- c:\documents and settings\ESP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-13 14:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\ESP\Application Data\Mozilla\Firefox\Profiles\lixgknue.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.co.uk/news?edchanged=1&ned=us

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-02-22 11:25

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)

c:\windows\system32\Ati2evxx.dll

c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(19948)

c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

c:\documents and settings\ESP\Application Data\Dropbox\bin\DropboxExt.13.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-02-22 11:28:37

ComboFix-quarantined-files.txt 2011-02-22 17:28

ComboFix2.txt 2011-02-21 19:27

Pre-Run: 26,935,959,552 bytes free

Post-Run: 26,912,321,536 bytes free

- - End Of File - - 0B75DEFCF5EF63C61332092493A88AE1

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.