.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Greg at 1:09:56.93 on Thu 05/12/2011

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1097 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Greg\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi go pro\volume panel\VolPanlu.exe" /r

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\greg\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\greg\appdata\roaming\mozilla\firefox\profiles\lo7bbk16.default\

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2011-4-10 1254400]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-1 136176]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-4-10 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-4-10 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2011-4-10 79360]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-1 136176]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-3 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2011-05-12 08:06:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-12 08:06:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-11 18:13:29 439632 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{9f069dac-8a19-475b-bfef-f1d58989ca04}\gapaengine.dll

2011-05-11 18:13:21 7071056 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{de7fd111-451d-4cea-b56c-781ce224aba8}\mpengine.dll

2011-05-11 18:09:04 -------- d-----w- c:\program files\Microsoft Security Client

2011-05-11 07:53:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-08 20:39:11 -------- d-----w- c:\users\greg\appdata\local\Diagnostics

2011-05-03 08:22:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-24 16:21:20 -------- d-----w- c:\program files\MSXML 4.0

2011-04-23 20:34:15 14744 ----a-w- c:\users\greg\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll

2011-04-23 20:32:37 -------- d-----w- c:\program files\MSECache

2011-04-22 20:44:05 -------- d-----w- c:\users\greg\appdata\local\HP

2011-04-22 20:35:28 -------- d-----w- c:\users\greg\appdata\roaming\HpUpdate

2011-04-22 20:35:22 -------- d-----w- c:\program files\Coupons

2011-04-22 20:32:03 -------- d-----w- c:\program files\common files\HP

2011-04-22 20:31:38 -------- d-----w- c:\program files\common files\Hewlett-Packard

2011-04-22 20:29:59 -------- d-----w- c:\program files\HP

2011-04-22 20:28:33 966656 ----a-w- c:\windows\system32\hpost_p02a.dll

2011-04-22 20:28:33 737280 ----a-w- c:\windows\system32\hposwia_p02a.dll

2011-04-22 20:28:33 307200 ----a-w- c:\windows\system32\hposc_p02a.dll

2011-04-20 07:38:33 -------- d-----w- c:\program files\PhotoWipe

2011-04-18 15:23:58 -------- d-----w- c:\users\greg\appdata\local\{1E450815-F5CB-4B55-B7F2-D669FC43DC33}

2011-04-14 16:03:55 -------- d-----w- c:\users\greg\appdata\local\{09213E59-07F8-4CA7-B9F5-B5CE94F6638B}

2011-04-13 20:30:01 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-13 20:30:01 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-04-13 20:30:01 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-04-13 20:29:55 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-04-13 20:29:54 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-04-13 20:29:53 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-04-13 20:29:53 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-04-13 20:29:24 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-04-13 20:29:18 191488 ----a-w- c:\windows\system32\FXSCOVER.exe

2011-04-13 20:29:05 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-13 20:28:51 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-13 20:28:46 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-04-13 20:28:45 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-04-13 20:28:44 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-04-13 20:28:44 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-04-13 20:28:44 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-04-13 20:28:44 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-13 15:54:43 -------- d-----w- c:\program files\Microsoft Analysis Services

2011-04-13 15:54:25 -------- d-----w- c:\users\greg\appdata\local\Microsoft Help

2011-04-13 07:56:05 -------- d-----w- c:\users\greg\appdata\local\{013C5824-4A47-45D8-A30D-9C522CAE631D}

2011-04-12 16:10:57 -------- d-----w- c:\users\greg\appdata\local\{D070B37D-D360-4A94-BE89-EDA45F162CA6}

.

==================== Find3M ====================

.

2011-04-11 04:11:46 445016 ----a-w- c:\windows\system32\wrap_oal.dll

2011-04-11 04:11:46 109144 ----a-w- c:\windows\system32\OpenAL32.dll

2011-04-01 23:39:01 801792 ----a-w- c:\windows\system32\FntCache.dll

2011-04-01 23:39:01 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-04-01 23:39:01 3181568 ----a-w- c:\windows\system32\mf.dll

2011-04-01 23:39:01 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-04-01 23:39:01 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2011-04-01 23:39:01 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2011-04-01 23:39:01 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-04-01 23:39:01 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll

2011-04-01 23:39:01 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-04-01 23:39:01 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2011-04-01 23:39:01 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-03-12 11:31:58 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-03-11 05:39:35 1686016 ----a-w- c:\windows\system32\esent.dll

2011-03-11 05:37:34 74240 ----a-w- c:\windows\system32\fsutil.exe

2011-02-26 05:33:07 2614784 ----a-w- c:\windows\explorer.exe

2011-02-18 05:33:29 31232 ----a-w- c:\windows\system32\prevhost.exe

.

============= FINISH: 1:10:31.77 ===============

This topic is now closed to further replies.