Antimalware Doctor 070700setup.exe



jamisz
2010-07-03, 19:31
Hello,

Recently I was surfing the internet and unfortunately got myself Antimalware Doctor.

I have managed to pretty much get it off my PC by running multiple scans with Malwarebytes, Spybot and Avira. However, it seems a file or 2 still remains. Those 3 scans are now coming back saying the PC is clean; however, I'm sure it is not.

At first I was getting Antimalware Doctor popups and was unable to update Malwarebytes or even visit the malwarebytes.org website. It was also blocking me from many other websites, including Spybot's as well. After running many scans I am now able to update Malwarebytes and Spybot and visit their websites. The popups are also gone.

I am, however, still being redirected occasionally for different websites, and I am still unable to update Windows without getting an error message. I also am unable to post my new thread on this website, getting a message saying "The connection was reset".

I believe the file that's still causing me problems is 070700setup.exe. I can't find it, however, but believe it's in C:\Users\Jason\AppData\Roaming. Also, it is showing on my startup list in msconfig (unchecked but not removed from the list).


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jason at 9:36:00.62 on Fri 07/02/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2370 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jason\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://igoogle.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240690474437
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jason\appdata\roaming\mozilla\firefox\profiles\93axtmi1.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\users\jason\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\download manager\npfpdlm.dll
FF - plugin: d:\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\quicktime\plugins\npqtplugin7.dll
FF - plugin: d:\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: d:\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-1-20 4608]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-30 218592]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-6 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-6 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-6 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-6 60936]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-30 112592]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-5-18 327064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2009-4-26 1310720]
R3 hcw73bda;Hauppauge HVR USB2 Video Capture;c:\windows\system32\drivers\Hcw73bda.sys [2010-1-26 513152]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-6-2 33792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c5bc34c7c280;Google Update Service (gupdate1c9c5bc34c7c280);c:\program files\google\update\GoogleUpdate.exe [2009-4-25 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-30 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-30 1142224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 Start BT in service;Start BT in service;d:\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-12-27 51816]

=============== Created Last 30 ================

2010-07-02 00:02:50 1926182 ----a-w- c:\windows\umcat_01.db
2010-07-01 04:38:57 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-01 04:38:57 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-01 04:25:26 50 ----a-w- c:\windows\wininit.ini
2010-07-01 04:15:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-01 04:15:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-01 04:15:07 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 01:52:37 0 d-----w- C:\sh4ldr
2010-07-01 01:52:37 0 d-----w- c:\program files\Enigma Software Group
2010-07-01 01:52:27 0 d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-07-01 01:09:28 0 d-----w- c:\program files\common files\PC Tools
2010-07-01 01:09:27 0 d-----w- c:\users\jason\appdata\roaming\PC Tools
2010-07-01 01:09:27 0 d-----w- c:\programdata\PC Tools
2010-07-01 01:09:27 0 d-----w- c:\program files\Spyware Doctor
2010-07-01 01:09:14 0 d---a-w- c:\programdata\TEMP
2010-06-30 21:09:05 203264 ----a-w- c:\windows\Gtumua.exe
2010-06-30 21:08:45 0 d-----w- c:\users\jason\appdata\roaming\F2E124B39FF5BA1903A425CB2B2F0B39
2010-06-28 23:00:53 0 d-----w- c:\program files\iPod
2010-06-28 23:00:52 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-25 08:00:25 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 08:00:25 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 08:00:24 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 08:00:24 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 08:00:24 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 15:14:43 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-24 15:14:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-09 05:18:26 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 05:18:24 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 05:18:23 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 05:18:21 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 05:18:01 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 05:17:59 78336 ----a-w- c:\windows\system32\ieencode.dll

==================== Find3M ====================

2010-06-28 22:57:45 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-28 22:57:45 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-28 22:57:45 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-08 02:16:01 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-08 00:21:02 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 21:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-27 19:45:56 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 19:45:56 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 01:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-21 09:17:08 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-18 15:40:53 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-04-18 15:40:53 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-04-18 15:40:53 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 9:38:06.29 ===============

Thanks for all the help!

ken545
2010-07-09, 12:49


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.



Looking at one suspicious file, let's check it.


You need to enable Windows to show all files and folders; instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.


c:\windows\Gtumua.exe <--This file

If the site is busy, you can try this one:

http://virusscan.jotti.org/en
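The helper's request above is essentially a hash-based reputation check on one file plus a look at where the poster's leftover startup entry lives. The PowerShell script below is an added example written for this thread, not something ken545 or jamisz posted, and not part of DDS or any of the tools named. It takes the file the helper named (c:\windows\Gtumua.exe) and the startup name the poster mentioned (070700setup.exe) as parameters, records the SHA-256 you would look up on VirusTotal, checks whether the binary carries a valid Authenticode signature, searches the live Run keys and the registry area msconfig uses to park unchecked startup items (the path under Shared Tools\MSConfig is assumed from Vista-era behaviour), and searches AppData\Roaming with hidden files included. It assumes a PowerShell version that has Get-FileHash (4.0 or later), which Vista itself did not ship with, so run it from a newer machine or against a copy of the file.

```powershell
# Added example for this thread (not the poster's or helper's code).
# Assumes PowerShell 4+ for Get-FileHash; paths and names below come from the thread.
param(
    [string]$Path        = 'C:\Windows\Gtumua.exe',   # file the helper asked to have checked
    [string]$StartupName = '070700setup.exe'          # msconfig entry the poster mentioned
)

# 1. Hash and signature. The SHA-256 is what VirusTotal keys its reports on, and an
#    unsigned executable dropped straight into C:\Windows is itself worth noting.
if (Test-Path -LiteralPath $Path) {
    $item = Get-Item -LiteralPath $Path -Force        # -Force includes hidden/system files
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        File       = $item.FullName
        SizeBytes  = $item.Length
        Created    = $item.CreationTime
        Attributes = $item.Attributes
        SHA256     = $hash.Hash
        Signature  = $sig.Status                      # Valid / NotSigned / HashMismatch ...
        Signer     = $sig.SignerCertificate.Subject
    } | Format-List
} else {
    Write-Warning "$Path not found; make sure hidden and system files are visible."
}

# 2. Locate the startup entry. Unchecking an item in msconfig does not delete it; on
#    Vista the entry is moved under ...\Shared Tools\MSConfig\startupreg (assumed
#    location, one subkey per item with a 'command' value), so check there too.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    # Live Run keys store each entry as a value on the key itself.
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        ForEach-Object { $_.PSObject.Properties } |
        Where-Object { $_.Value -is [string] -and $_.Value -like "*$StartupName*" } |
        ForEach-Object { '{0} : {1} = {2}' -f $key, $_.Name, $_.Value }
    # The msconfig holding area stores each parked entry as its own subkey.
    Get-ChildItem -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like "*$StartupName*" } |
        ForEach-Object {
            $cmd = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).command
            '{0} : {1} = {2}' -f $key, $_.PSChildName, $cmd
        }
}

# 3. The poster could not find the file under AppData\Roaming; search it with -Force so
#    hidden and system-flagged files are not skipped.
Get-ChildItem -Path $env:APPDATA -Filter $StartupName -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime
```

Run it from an elevated prompt so the HKLM keys and C:\Windows are readable; if the file is reported as NotSigned and its hash is unknown to VirusTotal, that is the case the helper is trying to surface, and the registry hits tell you which key the persistence entry still needs to be removed from rather than merely unchecked.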

ken545
2010-07-15, 01:01
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.