simon123
2010-06-22, 12:59
Help !! every now and again I keep getting redirected to
" http://www.eiwtbmsehte.net" when I choose a site after running a google search , have run spybot and microsoft security essentials sweep - it wont go away :confused: , I would run dds ??? but I dont know what it is or where to fnd it
[QUOTE=simon123;375114]Help !! every now and again I keep getting redirected to
" http://www.eiwtbmsehte.net" when I choose a site after running a google search , have run spybot and microsoft security essentials sweep - it wont go away :confused: ,
DDS (Ver_10-03-17.01) - NTFSx86
Run by Si at 11:05:52.82 on 22/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.573 [GMT 1:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Si\Local Settings\Temporary Internet Files\Content.IE5\DJ0U07SA\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet
explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft
office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program
files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program
files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.conquerorgame.com/game_current.php"
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [DSLSTATEXE] c:\program files\voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\voyager 105 adsl modem\dslagent.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Cpu Level Up help] "c:\program files\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\si\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam
software\eReg.exe
StartupFolder: c:\docume~1\si\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft
office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\si\start menu\programs\startup\Registration .LNK.disabled
StartupFolder: c:\docume~1\si\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\si\application
data\leadertech\powerregister\Seagate 2GH14TLA Product Registration.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -
c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program
files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program
files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: virgin.net\autoreg
Trusted Zone: virgin.net\client
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100302144436
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -
hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://isyn-eame.syngenta.com/dana-cached/sc/JuniperSetupClient.cab
TCP: {289D9343-4C54-4D87-A16F-EA8E87EE896D} = 212.159.6.9 212.159.6.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft
office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft
office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-6-7 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-6-7 166632]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe
[2009-7-17 86016]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-6-7
840936]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-17 993280]
S2 GDI23880;Genesis Video Capture;c:\windows\system32\drivers\gdi2vid.sys [2005-9-2 163968]
S2 GDI2BTS;Genesis BDA Transport Capture;c:\windows\system32\drivers\gdi2bts.sys [2005-9-2 13696]
S2 GDI2IR;Genesis InfraRed;c:\windows\system32\drivers\gdi2ir.sys [2005-9-2 9856]
S2 GDI2TUNE;Genesis TvTuner;c:\windows\system32\drivers\gdi2tun.sys [2005-9-2 131072]
S2 GDI2XBAR;Genesis Crossbar;c:\windows\system32\drivers\gdi2xbr.sys [2005-9-2 10112]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 cpuz;cpuz;\??\f:\cpuz.sys --> f:\cpuz.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-8-29 10664]
S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program
files\checkpoint\zaforcefield\ak\icsak.sys [?]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-7-13 48512]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-21 89749]
=============== Created Last 30 ================
2010-06-13 21:09:56 112460 ----a-w- C:\user.js
2010-06-13 20:22:02 0 d--h--w- c:\windows\msdownld.tmp
2010-06-13 20:21:58 0 d-----w- c:\docume~1\alluse~1\applic~1\media center programs
2010-06-13 20:21:53 0 d-----w- c:\program files\Funcom
2010-06-10 11:12:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 10:14:38 0 d-----w- c:\program files\iPod
2010-06-09 10:14:30 0 d-----w- c:\program files\iTunes
2010-06-09 10:14:30 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-09 10:08:53 0 d-----w- c:\program files\Bonjour
2010-05-30 19:47:47 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-30 19:47:38 0 d-----w- c:\program files\PC Connectivity Solution
2010-05-30 19:33:51 0 d-----w- c:\docume~1\si\applic~1\Nokia Ovi Suite
2010-05-30 19:28:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
==================== Find3M ====================
2010-06-02 03:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 03:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 03:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 10:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 10:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 10:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 10:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 10:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-12-24 01:31:21 167936 --sha-r- c:\windows\system32\PnkBstrB5.dll
2009-07-11 10:13:00 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
============= FINISH: 11:06:41.92 ===============
" http://www.eiwtbmsehte.net" when I choose a site after running a google search , have run spybot and microsoft security essentials sweep - it wont go away :confused: , I would run dds ??? but I dont know what it is or where to fnd it
[QUOTE=simon123;375114]Help !! every now and again I keep getting redirected to
" http://www.eiwtbmsehte.net" when I choose a site after running a google search , have run spybot and microsoft security essentials sweep - it wont go away :confused: ,
DDS (Ver_10-03-17.01) - NTFSx86
Run by Si at 11:05:52.82 on 22/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.573 [GMT 1:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Si\Local Settings\Temporary Internet Files\Content.IE5\DJ0U07SA\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet
explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft
office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program
files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program
files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0
(compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.conquerorgame.com/game_current.php"
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [DSLSTATEXE] c:\program files\voyager 105 adsl modem\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\voyager 105 adsl modem\dslagent.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Cpu Level Up help] "c:\program files\asus\ai suite\CpuLevelUpHelp.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\si\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam
software\eReg.exe
StartupFolder: c:\docume~1\si\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft
office\office12\ONENOTEM.EXE
StartupFolder: c:\documents and settings\si\start menu\programs\startup\Registration .LNK.disabled
StartupFolder: c:\docume~1\si\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\si\application
data\leadertech\powerregister\Seagate 2GH14TLA Product Registration.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -
c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program
files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program
files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: virgin.net\autoreg
Trusted Zone: virgin.net\client
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100302144436
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -
hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://isyn-eame.syngenta.com/dana-cached/sc/JuniperSetupClient.cab
TCP: {289D9343-4C54-4D87-A16F-EA8E87EE896D} = 212.159.6.9 212.159.6.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft
office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft
office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-6-7 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-6-7 166632]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe
[2009-7-17 86016]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-6-7
840936]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-7-17 993280]
S2 GDI23880;Genesis Video Capture;c:\windows\system32\drivers\gdi2vid.sys [2005-9-2 163968]
S2 GDI2BTS;Genesis BDA Transport Capture;c:\windows\system32\drivers\gdi2bts.sys [2005-9-2 13696]
S2 GDI2IR;Genesis InfraRed;c:\windows\system32\drivers\gdi2ir.sys [2005-9-2 9856]
S2 GDI2TUNE;Genesis TvTuner;c:\windows\system32\drivers\gdi2tun.sys [2005-9-2 131072]
S2 GDI2XBAR;Genesis Crossbar;c:\windows\system32\drivers\gdi2xbr.sys [2005-9-2 10112]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 cpuz;cpuz;\??\f:\cpuz.sys --> f:\cpuz.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-8-29 10664]
S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program
files\checkpoint\zaforcefield\ak\icsak.sys [?]
S3 UMSSSTOR;C-Media Storage;c:\windows\system32\drivers\Umss.SYS [2004-7-13 48512]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-8-21 89749]
=============== Created Last 30 ================
2010-06-13 21:09:56 112460 ----a-w- C:\user.js
2010-06-13 20:22:02 0 d--h--w- c:\windows\msdownld.tmp
2010-06-13 20:21:58 0 d-----w- c:\docume~1\alluse~1\applic~1\media center programs
2010-06-13 20:21:53 0 d-----w- c:\program files\Funcom
2010-06-10 11:12:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 10:14:38 0 d-----w- c:\program files\iPod
2010-06-09 10:14:30 0 d-----w- c:\program files\iTunes
2010-06-09 10:14:30 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-09 10:08:53 0 d-----w- c:\program files\Bonjour
2010-05-30 19:47:47 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-30 19:47:38 0 d-----w- c:\program files\PC Connectivity Solution
2010-05-30 19:33:51 0 d-----w- c:\docume~1\si\applic~1\Nokia Ovi Suite
2010-05-30 19:28:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
==================== Find3M ====================
2010-06-02 03:55:30 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 03:55:30 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 03:55:30 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 10:41:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 10:41:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 10:41:02 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 10:41:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 10:41:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-12-24 01:31:21 167936 --sha-r- c:\windows\system32\PnkBstrB5.dll
2009-07-11 10:13:00 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
============= FINISH: 11:06:41.92 ===============