
Thread: Possible Hijacking Victim

  1. #1
    Junior Member
    Join Date
    Jan 2011
    Location
    at Sea
    Posts
    8

    Possible Hijacking Victim

    Here are my DDS logs.


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Jason at 18:52:14.42 on 20/01/2011
    Internet Explorer: 9.0.7930.16406
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3838.2582 [GMT 11:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\lxczcoms.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files (x86)\Canonical\Ubuntu Light\PartitionMonitor.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\alg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\vds.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Shrink Pic\shrink_pic.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files (x86)\Everything\Everything.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMDN9PNT\dds[1].scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [FAStartup]
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\Users\Jason\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHRINK~1.LNK - C:\Program Files (x86)\Shrink Pic\shrink_pic.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: {BA349892-27C8-4D02-93C7-A222B650AF9C} = 203.21.112.40 202.124.65.18
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    LSA: Notification Packages = scecli FAPassSync
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll
    BHO-X64: SSOIEAddonBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    mRun-x64: [lxczbmgr.exe] "C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe"
    mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-2 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-2 202752]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-10 155648]
    R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-17 2428552]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-8 689472]
    R2 Ubuntu Light Partition Monitor;Ubuntu Light Partition Monitor;C:\Program Files (x86)\Canonical\Ubuntu Light\PartitionMonitor.exe [2010-7-15 308736]
    R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-2 6659072]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-2 195584]
    R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-11-2 340520]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-2 39464]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-8 175168]
    R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;C:\Windows\System32\drivers\d554gps64.sys [2010-11-2 96296]
    R3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;C:\Windows\System32\drivers\d554scard.sys [2010-11-2 60968]
    R3 ecnssndis;Service for enabling selective suspend to NDIS device;C:\Windows\System32\drivers\wwuss64.sys [2010-11-2 26664]
    R3 ecnssndisfltr;SSNDIS filter service;C:\Windows\System32\drivers\wwussf64.sys [2010-11-2 30248]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-2 74280]
    R3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);C:\Windows\System32\drivers\Mbm3CBus.sys [2010-11-2 346624]
    R3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM;C:\Windows\System32\drivers\Mbm3DevMt.sys [2010-11-2 370688]
    R3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;C:\Windows\System32\drivers\Mbm3mdfl.sys [2010-11-2 19456]
    R3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;C:\Windows\System32\drivers\Mbm3Mdm.sys [2010-11-2 427008]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 QWARQNet;Qwarq Virtual Miniport;C:\Windows\System32\drivers\QWARQNet.sys [2010-12-8 13568]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-2 34872]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;C:\Windows\System32\drivers\WwanUsbMp64.sys [2010-11-2 268328]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2009-7-23 132608]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-25 238848]
    S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\System32\drivers\ewusbfake.sys [2009-7-23 113792]
    S3 MODRC;PCTV Dib Infrared Receiver;C:\Windows\System32\drivers\modrc.sys [2010-11-19 24272]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-31 25072]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-2 245792]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-18 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

    =============== Created Last 30 ================

    2011-01-18 22:31:33 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{B60EAE4D-B73A-47EE-AFD2-5E532EC928E9}\mpengine.dll
    2011-01-16 20:56:17 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-01-16 03:13:03 -------- d-----w- C:\Users\Jason\AppData\Local\Amazon
    2011-01-15 09:03:53 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{F22EB8C7-D418-4E02-B95A-158C62110ED9}\gapaengine.dll
    2011-01-15 08:51:58 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-01-15 08:51:47 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-01-15 08:51:34 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2011-01-15 08:26:38 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{1514F75D-F967-4661-AD8B-C2E88E4563A9}\mpengine.dll
    2011-01-12 03:21:42 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2011-01-12 03:21:42 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2011-01-12 03:21:42 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-01-12 03:21:41 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-01-12 03:21:41 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-01-12 03:21:41 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-01-12 03:21:41 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-01-12 03:21:41 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-12 03:21:41 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-01-12 03:21:41 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-02 21:39:47 2381824 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-01-02 21:39:46 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-01-02 21:39:45 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-01-02 21:39:44 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-01-02 21:18:33 -------- d-----w- C:\PROGRA~3\LFJVuLkVcko1a6l
    2011-01-02 21:16:14 -------- d-----w- C:\Program Files (x86)\CRUISING BROKEN BAY
    2011-01-01 02:04:41 1863680 ----a-w- C:\Windows\System32\ExplorerFrame.dll
    2011-01-01 02:04:40 1495040 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
    2011-01-01 02:04:10 -------- d-----w- C:\Program Files (x86)\Feedback Tool
    2010-12-23 10:51:17 116224 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxczpp6c.dll
    2010-12-23 10:51:01 -------- d-----w- C:\Program Files\Lexmark 1200 Series
    2010-12-23 10:49:42 -------- d-----w- C:\lexmark
    2010-12-22 20:51:44 -------- d-----w- C:\Users\Jason\AppData\Roaming\shrink_pic
    2010-12-22 20:51:30 -------- d-----w- C:\Program Files (x86)\Shrink Pic
    2010-12-22 19:39:35 48648 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-12-21 21:49:00 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    ==================== Find3M ====================

    2010-12-07 22:40:07 0 ----a-w- C:\Windows\ativpsrm.bin
    2010-12-07 22:12:59 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2010-12-07 20:56:20 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
    2010-12-07 20:50:19 468480 ----a-w- C:\Windows\System32\deployJava1.dll
    2010-11-29 06:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 06:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-29 05:21:26 10915840 ----a-w- C:\Windows\SysWow64\libmfxhw32.dll
    2010-11-29 05:21:20 10833920 ----a-w- C:\Windows\SysWow64\libmfxsw32.dll
    2010-11-18 23:23:10 24272 ----a-w- C:\Windows\System32\drivers\modrc.sys
    2010-11-18 23:23:10 1077840 ----a-w- C:\Windows\System32\drivers\mod7700.sys
    2010-11-17 03:49:26 92808 ----a-w- C:\Windows\System32\FAIEExtension.dll
    2010-11-17 03:49:26 87176 ----a-w- C:\Windows\SysWow64\FAIEExtension.dll
    2010-11-17 03:49:22 57480 ----a-w- C:\Windows\SysWow64\FAib.dll
    2010-11-17 03:49:20 558728 ----a-w- C:\Windows\System32\FAPassSync.dll
    2010-11-17 03:49:20 159368 ----a-w- C:\Windows\SysWow64\FAPassSync.dll
    2010-11-17 03:49:16 6761096 ----a-w- C:\Windows\System32\FAIESSODlg.dll
    2010-11-17 03:49:16 657032 ----a-w- C:\Windows\System32\FAConsIfDLL.dll
    2010-11-17 03:49:16 6168200 ----a-w- C:\Windows\SysWow64\FAIESSODlg.dll
    2010-11-17 03:49:16 274056 ----a-w- C:\Windows\SysWow64\FAConsIfDLL.dll
    2010-11-17 03:49:14 924808 ----a-w- C:\Windows\SysWow64\FACredProv.dll
    2010-11-17 03:49:14 848520 ----a-w- C:\Windows\SysWow64\FACredProv2.dll
    2010-11-17 03:49:14 248968 ----a-w- C:\Windows\SysWow64\FACrashRpt.dll
    2010-11-17 03:31:16 1025536 ----a-w- C:\Windows\System32\FACredProv2.dll
    2010-11-17 03:31:00 1104384 ----a-w- C:\Windows\System32\FACredProv.dll
    2010-11-12 08:18:12 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
    2010-11-12 08:18:08 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2010-11-12 07:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2010-11-02 05:18:33 1137664 ----a-w- C:\Windows\System32\FntCache.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:18:05 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2010-11-02 05:17:48 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2010-11-02 05:17:48 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2010-11-02 05:17:47 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2010-11-02 05:17:47 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-11-02 04:26:00 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2010-11-02 04:25:43 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2010-11-02 04:25:43 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2010-11-02 04:25:43 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2010-11-02 04:25:42 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-24 10:25:38 72064 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2010-10-24 10:25:38 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
    2010-10-24 10:25:38 188928 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

    ============= FINISH: 18:53:06.16 ===============

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    What are the symptoms with the system?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Jan 2011
    Location
    at Sea
    Posts
    8

    Symptoms

    The system used to log into web sites using facial recognition. A while back this stopped working: IE8 would fail to work as long as the plug-in was enabled.

    I downloaded a beta of IE9 but the same thing happened.

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Have you tried to reinstall the recognition program?

  5. #5
    Junior Member
    Join Date
    Jan 2011
    Location
    at Sea
    Posts
    8

    Install Facial Recognition

    Hi,

    Will do - I'll let you know how it goes.

    Thanks,
    Jason

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    OK. Shall wait for results.

  7. #7
    Junior Member
    Join Date
    Jan 2011
    Location
    at Sea
    Posts
    8

    Reinstalled

    Hi,

    Just reinstalled software - same result: IE will not work when the add-on is enabled.

    Add-on name is: SSOIEAddonBHO Class from Sensible Vision Inc.

    Trenelly

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    IE 9 is not supported yet. Please see here.

  9. #9
    Junior Member
    Join Date
    Jan 2011
    Location
    at Sea
    Posts
    8

    So I need to go back to IE 8 - I'll try to get a download from MS.

  10. #10
    Junior Member
    Join Date
    Jan 2011
    Location
    at Sea
    Posts
    8

    I could not find a version of IE8 that runs on my 64 bit Win 7 PC.
    I tried Firefox, which works fine with the facial recognition software. The problem has gone. However, I still don't know if my machine was hijacked?
