rama_brahma
2010-07-20, 08:39
Hello,
Today Antimalware Doctor was installed on my computer somehow, and I attempted to remove it by installing Spybot. However, if I go to www.safer-networking.org, I get an "Address cannot be found" error in IE, Google Chrome, and Firefox. If I ping the address, I get a "host cannot be resolved" error.
I attempted to install Spy Doctor, AVG, and Trend Micro's HouseCall, but I receive an error that the program cannot connect to the servers.
I tried to remove Antimalware Doctor manually: I removed the registry entries and killed the process using the rkill.com program from bleepingcomputer.com; however, I did not find the program files on my computer.
As a last resort, I downloaded ComboFix to fix the issue, and the program briefly starts before exiting.
My issues are that I receive blank IE popups every 5 minutes, I cannot visit certain websites like safer-networking.org, and the anti-virus and malware programs cannot be installed.
I would appreciate any assistance to resolve these issues.
Thanks,
Robbie
DDS Log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Anita Sharma at 23:15:03.85 on 19/07/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3071.1352 [GMT -6:00]
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\java.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\hp\kbd\kbd.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\WerCon.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\Dlurea.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\ANITAS~1\AppData\Local\Temp\Drx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Anita Sharma\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: moigh Object: {1f23e8a1-38ea-4555-bbed-004b70b6ad1c} - c:\windows\system32\uyhip.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [Flisepasuleb] rundll32.exe "c:\users\anita sharma\appdata\local\getorton.dll",Startup
uRun: [JDK5SWFMZY] c:\users\anitas~1\appdata\local\temp\Drx.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [net] "c:\windows\system32\net.net"
mRun: [MChk] c:\windows\system32\lyhip.exe
mRun: [Cxeyup] rundll32.exe "c:\users\anita sharma\appdata\local\ayutiwuv.dll",Startup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\anitas~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\antima~1.lnk - c:\users\anita sharma\appdata\roaming\fd4a18f757c89bc70e0f92ec711eedaa\070700Setup.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-ca.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.164.79,93.188.166.229
TCP: {533640CA-E5EB-4D6F-8D77-643B39E2F2BA} = 93.188.164.79,93.188.166.229
TCP: {6C10EA18-B7C2-45D7-A274-83D5BA89E86B} = 93.188.164.79,93.188.166.229
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\anitas~1\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-05-2010&tb_mrud=18-05-2010
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=18-05-2010&tb_mrud=18-05-2010&query=
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\anita sharma\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\users\anita sharma\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\anita sharma\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\users\anita sharma\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {64F540B9-D651-4E43-B982-4765EFAFF80F} - c:\users\anita sharma\appdata\local\{64F540B9-D651-4E43-B982-4765EFAFF80F}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-19 217032]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20100513.001\IDSvix86.sys [2010-5-18 286768]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-19 112592]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-8-14 198240]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-11-1 149352]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-19 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-19 1142224]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-8-14 968064]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-8-14 265216]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-5-18 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca682c68b9b090;Google Update Service (gupdate1ca682c68b9b090);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 133104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2010-1-19 55184]
S3 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
=============== Created Last 30 ================
2010-07-20 00:55:15 882 ----a-w- c:\windows\RegSDImport.xml
2010-07-20 00:55:15 879 ----a-w- c:\windows\RegISSImport.xml
2010-07-20 00:55:15 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-20 00:55:15 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-20 00:55:15 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-20 00:55:15 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-20 00:55:15 131 ----a-w- c:\windows\IDB.zip
2010-07-20 00:55:15 1152444 ----a-w- c:\windows\UDB.zip
2010-07-20 00:54:56 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-07-20 00:54:56 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-20 00:54:56 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-07-20 00:54:45 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-20 00:54:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-07-20 00:54:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-07-20 00:54:45 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-20 00:54:34 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-07-20 00:54:34 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-20 00:54:30 0 d-----w- c:\users\anitas~1\appdata\roaming\PC Tools
2010-07-20 00:54:30 0 d-----w- c:\programdata\PC Tools
2010-07-20 00:54:30 0 d-----w- c:\program files\Spyware Doctor
2010-07-20 00:54:30 0 d-----w- c:\program files\common files\PC Tools
2010-07-19 23:43:56 767488 ----a-w- c:\windows\system32\drivers\cztvmwfh.sys
2010-07-19 23:43:28 189952 ----a-w- c:\windows\Dlurea.exe
2010-07-19 23:43:22 150 ----a-w- C:\zrpt.xml
2010-07-19 23:43:06 0 d-----w- c:\users\anitas~1\appdata\roaming\FD4A18F757C89BC70E0F92EC711EEDAA
2010-07-19 23:42:59 36401 ----a-w- c:\windows\system32\net.net
2010-07-17 06:36:05 0 d-----w- c:\program files\Alcohol Soft
2010-07-17 06:30:20 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-17 06:29:35 0 d-----w- c:\program files\Franzis
2010-07-17 05:22:54 73 ----a-w- c:\windows\EurekaLog.ini
2010-07-17 05:16:32 0 d-----w- c:\users\anitas~1\appdata\roaming\AC1
2010-07-17 05:16:30 0 d-----w- c:\program files\AudioComparer
2010-07-17 05:15:06 0 d-----w- c:\program files\iPod
2010-07-17 05:15:04 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-17 05:07:37 0 d-----w- c:\program files\Bonjour
2010-07-16 04:06:20 246784 ----a-w- c:\windows\system32\uyhip.dll
2010-07-14 00:43:22 40581 ----a-w- c:\windows\system32\lyhip.exe
2010-06-27 17:26:59 0 d-----w- C:\PHP
2010-06-26 12:51:10 0 d-----w- c:\programdata\DivX
2010-06-25 03:20:58 0 d-----w- c:\programdata\McAfee
2010-06-23 09:00:41 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-06-23 09:00:41 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-23 09:00:39 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-06-23 09:00:39 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-23 09:00:39 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-06-23 05:23:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 05:23:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 08:17:15 0 d-----w- c:\program files\PS3 Media Server
==================== Find3M ====================
2010-07-17 05:09:52 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-17 05:09:52 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-17 05:09:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 20:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 22:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 22:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 22:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 18:42:57 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40:40 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-04-27 18:40:40 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-23 13:55:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-21 17:05:16 10752 ----a-w- c:\windows\system32\wamregps.dll
2010-04-21 17:01:43 8192 ----a-w- c:\windows\system32\iisrstap.dll
2010-04-21 17:01:43 153600 ----a-w- c:\windows\system32\iisRtl.dll
2010-04-21 17:01:38 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-21 17:00:02 27136 ----a-w- c:\windows\system32\ahadmin.dll
2010-04-21 16:59:58 51712 ----a-w- c:\windows\system32\admwprox.dll
2010-04-21 15:43:01 14848 ----a-w- c:\windows\system32\iisreset.exe
2009-08-19 18:59:51 174 --sha-w- c:\program files\desktop.ini
2009-08-19 07:15:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-10-28 17:02:46 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-08-14 22:59:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 23:16:50.96 ===============
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [net] "c:\windows\system32\net.net"
mRun: [MChk] c:\windows\system32\lyhip.exe
mRun: [Cxeyup] rundll32.exe "c:\users\anita sharma\appdata\local\ayutiwuv.dll",Startup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\anitas~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\antima~1.lnk - c:\users\anita sharma\appdata\roaming\fd4a18f757c89bc70e0f92ec711eedaa\070700Setup.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-ca.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.164.79,93.188.166.229
TCP: {533640CA-E5EB-4D6F-8D77-643B39E2F2BA} = 93.188.164.79,93.188.166.229
TCP: {6C10EA18-B7C2-45D7-A274-83D5BA89E86B} = 93.188.164.79,93.188.166.229
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\anitas~1\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-05-2010&tb_mrud=18-05-2010
FF - prefs.js: browser.startup.homepage - www.igoogle.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=100000000000000002&tb_oid=18-05-2010&tb_mrud=18-05-2010&query=
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\anita sharma\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\users\anita sharma\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\anita sharma\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\users\anita sharma\appdata\roaming\mozilla\firefox\profiles\pejliz2m.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {64F540B9-D651-4E43-B982-4765EFAFF80F} - c:\users\anita sharma\appdata\local\{64F540B9-D651-4E43-B982-4765EFAFF80F}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-7-19 217032]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20100513.001\IDSvix86.sys [2010-5-18 286768]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-7-19 112592]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2007-8-14 198240]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-11-1 149352]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-7-19 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-7-19 1142224]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-26 102448]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-8-14 968064]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-8-14 265216]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-5-18 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca682c68b9b090;Google Update Service (gupdate1ca682c68b9b090);c:\program files\google\update\GoogleUpdate.exe [2009-11-18 133104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2010-1-19 55184]
S3 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10_50.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
=============== Created Last 30 ================
2010-07-20 00:55:15 882 ----a-w- c:\windows\RegSDImport.xml
2010-07-20 00:55:15 879 ----a-w- c:\windows\RegISSImport.xml
2010-07-20 00:55:15 767952 ----a-w- c:\windows\BDTSupport.dll
2010-07-20 00:55:15 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-07-20 00:55:15 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-07-20 00:55:15 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-07-20 00:55:15 131 ----a-w- c:\windows\IDB.zip
2010-07-20 00:55:15 1152444 ----a-w- c:\windows\UDB.zip
2010-07-20 00:54:56 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-07-20 00:54:56 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-20 00:54:56 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-07-20 00:54:45 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-20 00:54:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-07-20 00:54:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-07-20 00:54:45 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-20 00:54:34 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-07-20 00:54:34 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-07-20 00:54:30 0 d-----w- c:\users\anitas~1\appdata\roaming\PC Tools
2010-07-20 00:54:30 0 d-----w- c:\programdata\PC Tools
2010-07-20 00:54:30 0 d-----w- c:\program files\Spyware Doctor
2010-07-20 00:54:30 0 d-----w- c:\program files\common files\PC Tools
2010-07-19 23:43:56 767488 ----a-w- c:\windows\system32\drivers\cztvmwfh.sys
2010-07-19 23:43:28 189952 ----a-w- c:\windows\Dlurea.exe
2010-07-19 23:43:22 150 ----a-w- C:\zrpt.xml
2010-07-19 23:43:06 0 d-----w- c:\users\anitas~1\appdata\roaming\FD4A18F757C89BC70E0F92EC711EEDAA
2010-07-19 23:42:59 36401 ----a-w- c:\windows\system32\net.net
2010-07-17 06:36:05 0 d-----w- c:\program files\Alcohol Soft
2010-07-17 06:30:20 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-17 06:29:35 0 d-----w- c:\program files\Franzis
2010-07-17 05:22:54 73 ----a-w- c:\windows\EurekaLog.ini
2010-07-17 05:16:32 0 d-----w- c:\users\anitas~1\appdata\roaming\AC1
2010-07-17 05:16:30 0 d-----w- c:\program files\AudioComparer
2010-07-17 05:15:06 0 d-----w- c:\program files\iPod
2010-07-17 05:15:04 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-17 05:07:37 0 d-----w- c:\program files\Bonjour
2010-07-16 04:06:20 246784 ----a-w- c:\windows\system32\uyhip.dll
2010-07-14 00:43:22 40581 ----a-w- c:\windows\system32\lyhip.exe
2010-06-27 17:26:59 0 d-----w- C:\PHP
2010-06-26 12:51:10 0 d-----w- c:\programdata\DivX
2010-06-25 03:20:58 0 d-----w- c:\programdata\McAfee
2010-06-23 09:00:41 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-06-23 09:00:41 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-23 09:00:39 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-06-23 09:00:39 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-06-23 09:00:39 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-06-23 05:23:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 05:23:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 08:17:15 0 d-----w- c:\program files\PS3 Media Server
==================== Find3M ====================
2010-07-17 05:09:52 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-17 05:09:52 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-17 05:09:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 20:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 22:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 22:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 22:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 18:42:57 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:40:40 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-04-27 18:40:40 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-04-23 13:55:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-21 17:05:16 10752 ----a-w- c:\windows\system32\wamregps.dll
2010-04-21 17:01:43 8192 ----a-w- c:\windows\system32\iisrstap.dll
2010-04-21 17:01:43 153600 ----a-w- c:\windows\system32\iisRtl.dll
2010-04-21 17:01:38 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-21 17:00:02 27136 ----a-w- c:\windows\system32\ahadmin.dll
2010-04-21 16:59:58 51712 ----a-w- c:\windows\system32\admwprox.dll
2010-04-21 15:43:01 14848 ----a-w- c:\windows\system32\iisreset.exe
2009-08-19 18:59:51 174 --sha-w- c:\program files\desktop.ini
2009-08-19 07:15:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-10-28 17:02:46 22 --sha-w- c:\windows\sminst\HPCD.sys
2007-08-14 22:59:23 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 23:16:50.96 ===============
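Added example (not part of the post above or of the DDS tool): a small Python triage script that reads a log in the DDS format shown here and flags the entries a removal helper would look at first. The embedded sample is a constructed excerpt made up of lines copied from the log above; the rule names, severities, the "normal extension" list and the profile-directory pattern are assumptions of this example, not DDS conventions. It cross-references the Pseudo HJT Report with the "Created Last 30" section so that a loaded file that only appeared on the machine in the last month is called out even when its name and location look ordinary.

```python
import ipaddress
import re
from collections import namedtuple

# Added example for this thread, not code from the post or from DDS. Constructed
# excerpt: formats and sample entries are copied from the log above; real logs are longer.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [Flisepasuleb] rundll32.exe "c:\users\anita sharma\appdata\local\getorton.dll",Startup
uRun: [JDK5SWFMZY] c:\users\anitas~1\appdata\local\temp\Drx.exe
mRun: [net] "c:\windows\system32\net.net"
mRun: [MChk] c:\windows\system32\lyhip.exe
mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe
StartupFolder: c:\users\anitas~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\antima~1.lnk - c:\users\anita sharma\appdata\roaming\fd4a18f757c89bc70e0f92ec711eedaa\070700Setup.exe
BHO: moigh Object: {1f23e8a1-38ea-4555-bbed-004b70b6ad1c} - c:\windows\system32\uyhip.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
mPolicies-system: EnableLUA = 0 (0x0)
TCP: NameServer = 93.188.164.79,93.188.166.229
TCP: {533640CA-E5EB-4D6F-8D77-643B39E2F2BA} = 93.188.164.79,93.188.166.229
=============== Created Last 30 ================
2010-07-19 23:42:59 36401 ----a-w- c:\windows\system32\net.net
2010-07-16 04:06:20 246784 ----a-w- c:\windows\system32\uyhip.dll
2010-07-14 00:43:22 40581 ----a-w- c:\windows\system32\lyhip.exe
"""

Finding = namedtuple("Finding", "severity rule detail line")
RULE_PROFILE = "launched from a user-profile directory"
RULE_EXT = "autorun target has an unexpected extension"
RULE_RECENT = "loaded file was created in the last 30 days"
RULE_ORPHAN = "orphaned BHO/toolbar registration (No File)"
RULE_UAC = "UAC disabled (EnableLUA = 0)"
RULE_DNS = "public DNS server address set in the registry"

MODULE_PREFIXES = ("uRun:", "mRun:", "dRun:", "StartupFolder:", "BHO:", "TB:")
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# A drive-letter path up to a short extension; directory names may contain spaces.
PATH_RE = re.compile(r'[a-z]:\\[^"\n,]+?\.[a-z0-9]{2,4}(?=["\s,/]|$)', re.I)
PROFILE_DIR_RE = re.compile(r"\\(appdata|temp|local settings)\\", re.I)   # assumption
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
NORMAL_EXTS = {"exe", "dll", "scr", "cpl", "sys"}   # assumption: what a Run key usually launches

def split_sections(text):
    """Group non-empty lines under the '=== Name ===' banner that precedes them."""
    sections, name = {}, "header"
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1)
        else:
            sections.setdefault(name, []).append(line)
    return sections

def launch_target(line):
    """The part of an entry that names the file: after '] ' for Run keys, after ' - ' otherwise."""
    sep = "] " if line.startswith(("uRun:", "mRun:", "dRun:")) else " - "
    return line.split(sep, 1)[-1].strip()

def check_module(line, recent):
    """Rules for Run keys, startup-folder items, BHOs and toolbars."""
    target = launch_target(line)
    if target == "No File":
        return [Finding("low", RULE_ORPHAN, target, line)]
    paths = PATH_RE.findall(target)
    if not paths:
        return []
    ext = paths[0].rsplit(".", 1)[-1].lower()
    out = []
    if any(PROFILE_DIR_RE.search(p) for p in paths):
        out.append(Finding("high", RULE_PROFILE, paths[0], line))
    if ext not in NORMAL_EXTS:
        out.append(Finding("high", RULE_EXT, ext, line))
    hits = [p for p in paths if p.lower() in recent]
    if hits:
        out.append(Finding("medium", RULE_RECENT, hits[0], line))
    return out

def check_dns(line):
    """Flag name servers that are neither private nor loopback, i.e. Internet addresses."""
    ips = IP_RE.findall(line.split("=", 1)[-1])
    public = [ip for ip in ips if ipaddress.ip_address(ip).is_global]
    return [Finding("high", RULE_DNS, ", ".join(public), line)] if public else []

def triage(text):
    """Return Findings for the HJT section, cross-referenced with 'Created Last 30'."""
    sections = split_sections(text)
    recent = {p.lower() for l in sections.get("Created Last 30", []) for p in PATH_RE.findall(l)}
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith(MODULE_PREFIXES):
            findings.extend(check_module(line, recent))
        elif line.startswith("mPolicies-system:") and re.search(r"EnableLUA\s*=\s*0\b", line):
            findings.append(Finding("high", RULE_UAC, "EnableLUA = 0", line))
        elif line.startswith("TCP:"):
            findings.extend(check_dns(line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.detail}\n    {f.line}")
```

On the excerpt this reports eleven findings: three autoruns launching from the user profile (the rundll32 entry under appdata\local, the temp\Drx.exe entry and the startup-folder item under appdata\roaming), net.net with an extension that is not a normal autorun type, three loaded files (net.net, lyhip.exe, uyhip.dll) that also appear in "Created Last 30", the orphaned BHO, UAC switched off, and both TCP entries pointing at public addresses. Two caveats worth keeping in mind: a hard-coded public name server is not proof of tampering by itself, so compare it with what the router's DHCP hands out before drawing a conclusion, and the script does not parse the service/driver lines, so a file like cztvmwfh.sys, created in the same minute as net.net, still has to be checked by hand.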