CrazyDavey
2010-06-07, 14:38
Hi, I just installed Windows 7 not too long ago, and didn't have any AVs or spyware protection, because I didn't know any free ones and couldn't afford anything else at the time. So for about a week or so I was with windows 7 internet and and protection (apart from what windows already offers) I prefer Firefox over IE because I like the options and hear it's safer.. But then I got Norton 360 Premier and recently heard about Spybot S&D.. and decided to give it a try.. LOVED IT.. Pretty satisfied with both, but I think some malware/spyware may have gotten onto my computer before I was able to install these programs.. Some strange files popped up in my computer C file that weren't there before.. but that's not what made me suspicious. My computer often clocks about 98 - 100 CPU, causing everything to come to a halt! Didn't do that before, and at times Firefox will just crash out of nowhere.. and Norton continually picks up tracking cookies and sometimes even trojan viruses at times.. but most of the time my computer goes down to a screeching halt! :sad: Please help.
Here is my DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by David at 6:41:18.39 on Mon 06/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2037.1243 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\David\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360 premier edition\engine\3.8.0.41\IPSBHO.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360 premier edition\engine\3.8.0.41\coIEPlg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.8.0.41\CoIEPlg.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes3\deskscapes.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\cidlsdkv.default\
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-6-5 40560]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-6-5 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-6-5 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-6-5 482432]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2010-6-6 20560]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100528.003\IDSvix86.sys [2010-5-28 344112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-5 102448]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
=============== Created Last 30 ================
2010-06-07 09:29:54 0 d-----r- C:\Sandbox
2010-06-07 09:29:21 1300 ----a-w- c:\windows\Sandboxie.ini
2010-06-07 09:28:07 0 d-----w- c:\program files\Sandboxie
2010-06-07 00:05:01 0 d-----w- c:\windows\system32\Wat
2010-06-06 21:15:06 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-06 07:44:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-06 07:44:15 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-06 07:43:55 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-06-06 07:43:55 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-06-06 07:43:54 507568 ----a-w- c:\windows\system32\winload.exe
2010-06-06 07:43:53 442920 ----a-w- c:\windows\system32\winresume.exe
2010-06-06 07:43:51 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-06-06 07:43:36 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-06 07:43:36 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-06-06 07:43:35 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-06 07:43:34 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-06 07:42:50 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-06-06 07:42:18 2614272 ----a-w- c:\windows\explorer.exe
2010-06-06 07:42:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-06-06 07:42:14 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-06-06 07:42:04 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-06 07:42:03 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-06-06 07:42:00 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-06 07:39:59 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-06-06 07:39:58 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-06-06 07:39:58 369152 ----a-w- c:\windows\system32\secproc.dll
2010-06-06 07:39:58 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-06-06 07:39:58 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-06-06 07:39:57 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-06-06 07:39:57 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-06-06 07:39:57 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-06-06 07:39:39 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-06 07:39:38 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-06 07:39:38 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-06 06:20:40 0 d-----w- c:\programdata\Stardock
2010-06-06 06:20:39 0 dc-h--w- c:\programdata\{B767CDF4-2709-4263-A017-35191D1BF499}
2010-06-06 06:20:06 0 d-----w- c:\program files\Stardock
2010-06-06 05:17:46 20560 ----a-w- c:\windows\system32\drivers\elrawdsk.sys
2010-06-06 05:17:09 40960 ----a-w- c:\windows\system32\RDAccess.dll
2010-06-06 05:17:09 0 d-----w- c:\windows\system32\rddrv_9034752
2010-06-06 05:17:07 299008 ----a-w- c:\windows\system32\EEGenFn1.dll
2010-06-06 05:17:06 40712 ----a-w- c:\windows\system32\eetransx.exe
2010-06-06 05:17:06 28944 ----a-w- c:\windows\system32\temp.015
2010-06-06 05:17:06 25864 ----a-w- c:\windows\system32\EEInstMngr.exe
2010-06-06 05:17:06 24620 ----a-w- c:\windows\system32\alert2093.wav
2010-06-06 05:17:06 22528 ----a-w- c:\windows\system32\temp.014
2010-06-06 05:16:36 0 d-----w- c:\program files\Evidence Eliminator
2010-06-06 03:01:44 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-06-05 18:27:09 0 d-----w- c:\programdata\Sun
2010-06-05 18:25:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-05 15:48:40 0 d-----w- c:\programdata\Symantec
2010-06-05 13:53:41 0 d-----w- c:\program files\VideoLAN
2010-06-05 12:34:34 0 d-----w- c:\programdata\Adobe
2010-06-05 12:21:25 0 d-----w- c:\programdata\mergeparts
2010-06-05 12:20:45 0 d-----w- c:\programdata\deletepart
2010-06-05 12:19:48 0 d-----w- c:\programdata\redistpart
2010-06-05 12:19:29 0 d-----w- C:\archive_db
2010-06-05 12:15:02 0 d-----w- c:\programdata\createpart
2010-06-05 11:22:37 0 d-----w- c:\programdata\explauncher
2010-06-05 11:22:34 0 d-----w- c:\programdata\launcher
2010-06-05 11:15:31 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-06-05 11:14:08 0 d-----w- c:\program files\Paragon Software
2010-06-05 11:07:40 0 d-----w- c:\windows\Panther
2010-06-05 10:23:24 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-06-05 10:23:10 0 d-----w- c:\windows\system32\wbem\Performance
2010-06-05 10:09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-05 09:27:15 0 d-----w- c:\program files\Ask.com
2010-06-05 09:26:58 0 d-----w- c:\program files\uTorrent
2010-06-05 09:26:24 0 d-----w- c:\users\david\appdata\roaming\uTorrent
2010-06-05 09:10:20 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-05 09:03:17 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-05 08:53:26 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-05 08:53:26 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-06-05 08:53:24 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-06-05 08:53:22 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-05 08:53:22 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-05 08:53:22 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-05 08:53:22 0 d-----w- c:\program files\Symantec
2010-06-05 08:53:22 0 d-----w- c:\program files\common files\Symantec Shared
2010-06-05 08:52:49 0 d-----w- c:\windows\system32\drivers\N360
2010-06-05 08:52:47 0 d-----w- c:\program files\Norton 360 Premier Edition
2010-06-05 08:52:46 0 d-----w- c:\programdata\Norton
2010-06-05 08:52:36 0 d-----w- c:\programdata\NortonInstaller
2010-06-05 08:52:36 0 d-----w- c:\program files\NortonInstaller
2010-06-05 08:33:12 0 d-----w- c:\programdata\Yahoo! Companion
2010-06-05 08:33:03 0 d-----w- c:\programdata\Yahoo!
2010-06-05 08:32:33 0 d-sh--w- c:\windows\Installer
2010-06-05 08:32:13 0 d-----w- c:\program files\Yahoo!
2010-06-05 08:02:07 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-05 07:41:15 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-05 07:41:15 132608 ----a-w- c:\windows\system32\cabview.dll
2010-06-05 07:00:10 8192 --sha-r- C:\BOOTSECT.BAK
2010-06-05 07:00:06 383562 --sha-r- C:\bootmgr
2010-06-05 07:00:04 0 d-sh--w- C:\Boot
2010-06-05 04:23:07 0 d-----w- C:\Netgear
2010-05-30 13:54:53 0 d-----w- C:\Intel
2010-05-30 12:36:30 0 d-----w- C:\dell
2010-05-30 07:39:04 355 --sha-r- C:\Boot.ini.saved
==================== Find3M ====================
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 6:44:04.72 ===============
Help would be greatly appreciated, thanks~! :red:
"so I was with windows 7 internet and and protection (apart from what windows already offers) I prefer"
Sorry, I mean Windows 7, internet and "NO" protection. Problem still stands..
2010-06-05 09:27:15 0 d-----w- c:\program files\Ask.com
2010-06-05 09:26:58 0 d-----w- c:\program files\uTorrent
2010-06-05 09:26:24 0 d-----w- c:\users\david\appdata\roaming\uTorrent
2010-06-05 09:10:20 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-05 09:03:17 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-05 08:53:26 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-05 08:53:26 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-06-05 08:53:24 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-06-05 08:53:22 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-05 08:53:22 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-05 08:53:22 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-05 08:53:22 0 d-----w- c:\program files\Symantec
2010-06-05 08:53:22 0 d-----w- c:\program files\common files\Symantec Shared
2010-06-05 08:52:49 0 d-----w- c:\windows\system32\drivers\N360
2010-06-05 08:52:47 0 d-----w- c:\program files\Norton 360 Premier Edition
2010-06-05 08:52:46 0 d-----w- c:\programdata\Norton
2010-06-05 08:52:36 0 d-----w- c:\programdata\NortonInstaller
2010-06-05 08:52:36 0 d-----w- c:\program files\NortonInstaller
2010-06-05 08:33:12 0 d-----w- c:\programdata\Yahoo! Companion
2010-06-05 08:33:03 0 d-----w- c:\programdata\Yahoo!
2010-06-05 08:32:33 0 d-sh--w- c:\windows\Installer
2010-06-05 08:32:13 0 d-----w- c:\program files\Yahoo!
2010-06-05 08:02:07 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-05 07:41:15 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-05 07:41:15 132608 ----a-w- c:\windows\system32\cabview.dll
2010-06-05 07:00:10 8192 --sha-r- C:\BOOTSECT.BAK
2010-06-05 07:00:06 383562 --sha-r- C:\bootmgr
2010-06-05 07:00:04 0 d-sh--w- C:\Boot
2010-06-05 04:23:07 0 d-----w- C:\Netgear
2010-05-30 13:54:53 0 d-----w- C:\Intel
2010-05-30 12:36:30 0 d-----w- C:\dell
2010-05-30 07:39:04 355 --sha-r- C:\Boot.ini.saved
==================== Find3M ====================
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 6:44:04.72 ===============
Help would be greatly appreciated, thanks!
"so I was with windows 7 internet and and protection (apart from what windows already offers) I prefer"
Sorry, I mean Windows 7, internet and "NO" protection. Problem still stands.