khignutt
2011-04-02, 18:07
Can't seem to get rid of this malware. I have read the other posts, but they weren't for my system, so I figured I'd post for mine. I have Windows 7 32-bit on this computer. The log from DDS is as follows:
.
DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
Run by c-hignutk at 11:05:35.63 on Sat 04/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2030.1017 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Symantec\pcAnywhere\AWHPROBE.EXE
C:\Program Files\Symantec\pcAnywhere\pcaEvents.exe
C:\Program Files\Mail Attender Desktop\maDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\Explorer.EXE
C:\Program Files\Altiris\Dagent\dagent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Altiris\Dagent\dagentui.exe
C:\Program Files\Mail Attender Desktop\maProxy.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\c-hignutk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZRLAJOE\dds[1].scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by IGT
uStart Page = hxxp://insideigt.com
uDefault_Page_URL = hxxp://insideigt.com
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [DagentUI] c:\program files\altiris\dagent\dagentui.exe
mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon
mRun: [MADeskSvc] "c:\program files\mail attender desktop\maProxy.exe" -Hide
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFTWUwtR0pSVzItTlFIWEMtUVQ3T0otMlk0VEstOQ"&"inst=NzYtNzYyMjE2NTQw"&"prod=92"&"ver=10.0.1204
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: rnocmsprd01
Trusted Zone: rnocmsprd01
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} - hxxp://rnoaltiris4.is.ad.igt.com/aspnet_client/Altiris_AppWeaver/6_0_sp3/lib/VSFlex8.CAB
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs:
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\altiris\dagent\dagent.exe [2009-8-11 1246544]
R2 HiiLib32;HiiLib32;c:\windows\system32\drivers\HiiLib32.sys [2004-3-1 102352]
R2 Mail Attender Desktop Service;Mail Attender Desktop Service;c:\program files\mail attender desktop\maDesktop.exe [2011-2-25 230912]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-1 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-27 1822296]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-2-25 224424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-25 102448]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-8 136176]
S3 AltirisAgentProvider;AltirisAgentProvider;c:\program files\altiris\altiris agent\agents\wmiprovideragent\AltirisAgentProvider.exe [2011-2-25 619816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ConfigService;Altiris Deployment Solution - System Configuration;c:\program files\altiris\altiris agent\agents\deployment\agent\ConfigService.exe [2010-9-3 234832]
S3 MeiUsb;MEI USB Driver;c:\windows\system32\drivers\MeiUsb.sys [2001-3-6 9599]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-25 1343400]
.
=============== Created Last 30 ================
.
2011-04-02 14:17:44 -------- d-----w- c:\users\c-hign~1\appdata\roaming\AVG10
2011-04-02 00:57:35 32768 ----a-w- c:\windows\UTLite.exe
2011-04-01 22:31:43 -------- d--h--w- c:\progra~2\Common Files
2011-04-01 22:31:00 -------- d-----w- c:\progra~2\AVG10
2011-04-01 22:30:33 -------- d-----w- c:\program files\AVG
2011-04-01 22:27:30 -------- d-----w- c:\progra~2\MFAData
2011-04-01 20:14:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-04-01 19:11:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-01 19:11:49 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-01 17:39:38 -------- d-----w- c:\program files\Free Window Registry Repair
2011-04-01 05:49:31 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-03-31 17:11:33 165376 ----a-w- c:\windows\system32\unrar.dll
2011-03-31 17:11:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-29 17:47:16 -------- d-----w- c:\users\c-hign~1\appdata\local\Mozilla
2011-03-28 15:29:24 -------- d-----w- c:\users\c-hign~1\appdata\local\Apple Computer
2011-03-28 15:29:11 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-28 15:29:11 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-28 15:28:43 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-22 15:52:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-03-22 15:52:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-03-22 15:52:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-03-22 15:52:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-03-22 15:52:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-03-22 15:52:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-03-22 15:52:42 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-03-22 15:51:53 -------- d-----w- c:\users\c-hign~1\appdata\local\Apple
2011-03-21 20:57:12 -------- d-----w- c:\program files\MEI
2011-03-21 20:31:08 -------- d-----w- c:\users\c-hign~1\appdata\local\HP
2011-03-21 20:27:28 167480 ----a-w- c:\windows\system32\hppccompio.dll
2011-03-21 20:27:27 176128 ----a-w- c:\windows\system32\hpcpn101.dll
2011-03-21 20:27:11 -------- d-----w- c:\program files\HP
2011-03-21 20:26:15 755256 ----a-w- c:\windows\system32\hpxp1530.dll
2011-03-21 20:26:14 751160 ----a-w- c:\windows\system32\hpptsp06.dll
2011-03-21 20:26:14 187960 ----a-w- c:\windows\system32\hppscancoins32.dll
2011-03-21 20:25:56 -------- d-----w- C:\M1530_MFP_Series_Basic_Solution
2011-03-16 17:09:35 -------- d-----w- C:\TECHS
2011-03-13 16:23:09 -------- d-----w- c:\program files\Veetle
2011-03-12 16:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-03-08 15:13:10 -------- d-----w- c:\users\c-hign~1\appdata\local\Google
2011-03-06 18:56:00 -------- d-----w- c:\program files\vShare
2011-03-05 16:07:33 -------- d-----w- c:\users\c-hign~1\appdata\local\ElevatedDiagnostics
2011-03-04 15:30:39 -------- d-----w- c:\users\c-hignutk\SapWorkDir
2011-03-04 13:58:17 299008 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp101.dll
2011-03-04 13:58:12 245048 ----a-w- c:\windows\system32\hpbcoins32.dll
2011-03-04 13:50:11 -------- d-----w- c:\users\c-hign~1\appdata\local\assembly
.
==================== Find3M ====================
.
2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-17 05:38:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys
2009-10-07 16:46:28 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2009-10-07 16:46:28 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
2009-10-07 16:46:28 3145728 ----a-w- c:\program files\common files\sapxlhelper.dll
2009-10-07 16:46:28 192512 ----a-w- c:\program files\common files\sapconsr3.dll
.
============= FINISH: 11:06:15.14 ===============