cspitz
2010-11-01, 05:33
After several attempts, Spybot S&D won't remove win32.banker.fgv. It says it is fixed, but each time I run it again, the same problems show up. Please help. Thanks. Clay
DDS (Ver_10-10-31.01) - NTFSx86
Run by Clay at 22:10:41.13 on Sun 10/31/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2039.717 [GMT -5:00]
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Plaxo\3.18.0.14\PlaxoHelper_en.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Clay\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Clay\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PlaxoUpdate] c:\program files\plaxo\3.18.0.14\PlaxoHelper_en.exe -a
uRun: [PlaxoSysTray] c:\program files\plaxo\3.18.0.14\PlaxoSysTray.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRunOnce: [SpybotDeletingB112] command.com /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingD3872] cmd.exe /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingB2479] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingD3694] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingB6477] command.com /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingD7816] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingB7657] command.com /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingD8165] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingB4918] command.com /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingD2676] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingB919] command.com /c del "c:\windows\system32\VACFix.exe"
uRunOnce: [SpybotDeletingD273] cmd.exe /c del "c:\windows\system32\VACFix.exe"
uRunOnce: [SpybotDeletingB8186] command.com /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingD8503] cmd.exe /c del "c:\windows\system32\404Fix.exe"
uRunOnce: [SpybotDeletingB7164] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingD1582] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
uRunOnce: [SpybotDeletingB666] command.com /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingD4504] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
uRunOnce: [SpybotDeletingB5933] command.com /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingD44] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
uRunOnce: [SpybotDeletingB6589] command.com /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingD5719] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
uRunOnce: [SpybotDeletingB2131] command.com /c del "c:\windows\system32\VACFix.exe"
uRunOnce: [SpybotDeletingD4911] cmd.exe /c del "c:\windows\system32\VACFix.exe"
mRun: [<NO NAME>]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [SpybotDeletingA6396] command.com /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingC8590] cmd.exe /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingA6105] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingC5170] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingA5611] command.com /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingC1884] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingA9219] command.com /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingC4746] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingA6884] command.com /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingC6975] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingA4627] command.com /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingC6960] cmd.exe /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingA4991] command.com /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingC4144] cmd.exe /c del "c:\windows\system32\404Fix.exe"
mRunOnce: [SpybotDeletingA4867] command.com /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingC7766] cmd.exe /c del "c:\windows\system32\Agent.OMZ.Fix.exe"
mRunOnce: [SpybotDeletingA8340] command.com /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingC3700] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingA1800] command.com /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingC9238] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingA3565] command.com /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingC2522] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingA3060] command.com /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingC6885] cmd.exe /c del "c:\windows\system32\VACFix.exe"
StartupFolder: c:\users\clay\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\clay\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\516\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\clay\appdata\roaming\mozilla\firefox\profiles\egsc2n9x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\clay\appdata\roaming\mozilla\firefox\profiles\egsc2n9x.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\users\clay\appdata\roaming\mozilla\firefox\profiles\egsc2n9x.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-27 214664]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-27 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-27 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-27 40552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-31 21504]
=============== Created Last 30 ================
2010-10-29 07:24:18 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7e524869-c3e2-4c3d-8bca-8228bf364d31}\mpengine.dll
2010-10-27 01:56:49 -------- d-----w- c:\users\clay\appdata\local\Windows Live
2010-10-27 01:53:54 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-26 17:28:33 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 17:28:32 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 17:28:32 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-24 16:04:14 -------- d-----w- c:\progra~2\McAfee Security Scan
2010-10-24 16:04:08 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-14 18:25:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 18:25:22 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 18:24:31 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 18:24:31 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 18:24:31 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 18:24:30 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 18:24:30 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
==================== Find3M ====================
2010-10-30 19:31:11 256 ----a-w- c:\windows\system32\pool.bin
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2009-01-14 13:03:46 19333112 ----a-w- c:\program files\DivXInstaller.exe
2008-07-20 14:27:31 1495112 ----a-w- c:\program files\install_flash_player.exe
============= FINISH: 22:12:35.31 ===============
Spybot S&D Results:
Win32.Banker.fgv: [SBI $ECF63A22] Executable (File, nothing done)
C:\Windows\System32\404Fix.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\Agent.OMZ.Fix.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\o4Patch.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\IEDFix.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\IEDFix.C.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\VACFix.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2010-01-26 spybotsd162.exe (1.6.2.0)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-08-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-10-12 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-10-26 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-26 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-10-26 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
mRunOnce: [SpybotDeletingC3700] cmd.exe /c del "c:\windows\system32\o4Patch.exe"
mRunOnce: [SpybotDeletingA1800] command.com /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingC9238] cmd.exe /c del "c:\windows\system32\IEDFix.exe"
mRunOnce: [SpybotDeletingA3565] command.com /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingC2522] cmd.exe /c del "c:\windows\system32\IEDFix.C.exe"
mRunOnce: [SpybotDeletingA3060] command.com /c del "c:\windows\system32\VACFix.exe"
mRunOnce: [SpybotDeletingC6885] cmd.exe /c del "c:\windows\system32\VACFix.exe"
StartupFolder: c:\users\clay\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\clay\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\516\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\clay\appdata\roaming\mozilla\firefox\profiles\egsc2n9x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\clay\appdata\roaming\mozilla\firefox\profiles\egsc2n9x.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\users\clay\appdata\roaming\mozilla\firefox\profiles\egsc2n9x.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-27 214664]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-27 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-27 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-27 40552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-31 21504]
=============== Created Last 30 ================
2010-10-29 07:24:18 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7e524869-c3e2-4c3d-8bca-8228bf364d31}\mpengine.dll
2010-10-27 01:56:49 -------- d-----w- c:\users\clay\appdata\local\Windows Live
2010-10-27 01:53:54 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-26 17:28:33 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 17:28:32 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 17:28:32 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-24 16:04:14 -------- d-----w- c:\progra~2\McAfee Security Scan
2010-10-24 16:04:08 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-14 18:25:22 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 18:25:22 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 18:24:31 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 18:24:31 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 18:24:31 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 18:24:30 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 18:24:30 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
==================== Find3M ====================
2010-10-30 19:31:11 256 ----a-w- c:\windows\system32\pool.bin
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2009-01-14 13:03:46 19333112 ----a-w- c:\program files\DivXInstaller.exe
2008-07-20 14:27:31 1495112 ----a-w- c:\program files\install_flash_player.exe
============= FINISH: 22:12:35.31 ===============
Spybot S&D Results:
Win32.Banker.fgv: [SBI $ECF63A22] Executable (File, nothing done)
C:\Windows\System32\404Fix.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\Agent.OMZ.Fix.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\o4Patch.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\IEDFix.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\IEDFix.C.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Win32.Banker.fgv: [SBI $97D67C3B] Executable (File, nothing done)
C:\Windows\System32\VACFix.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2010-01-26 spybotsd162.exe (1.6.2.0)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-08-08 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-10-12 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-10-12 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-10-12 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-10-12 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-10-26 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-12 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-10-12 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-10-26 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-10-12 Includes\TrojansC-02.sbi (*)
2010-10-12 Includes\TrojansC-03.sbi (*)
2010-10-12 Includes\TrojansC-04.sbi (*)
2010-10-26 Includes\TrojansC-05.sbi (*)
2010-10-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll