Blocked from a particular site



WickedE
2011-06-20, 19:44
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Eugenie at 13:22:48 on 2011-06-20
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1014.119 [GMT -4:00]
.
AV: Immunet Protect *Enabled/Updated* {E26D838D-778A-C93D-0B41-46E786995C11}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
I have already 'spoken' with Tashi in the Tavern section and she has now asked me to come to this section. This is the link to our previous discourse:
http://forums.spybot.info/showthread.php?t=63124 (Add: I have found that McAfee is also on my Toshiba computer, whilst before coming to Spybot I loaded on Immunet from Google, but that of course didn't work, surprise, surprise).

Basically, I do believe I have been 'hijacked' by some malware, but it is directed to just Google/MoraChat, and I can now no longer log on to MoraChat. Seeing as I am a Mod there, this is really serious. I have not been able to log on for the last three days, so things are getting a bit urgent now.

Please be gentle with me as I am not computer 'savvy'.

Anyway, you asked for my DDS:

============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TELEVI~2\bar\1.bin\64barsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Windows\AsScrPro.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
C:\Program Files\ASUS\LivCam\LivCam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Program Files\BandaAnchaClaro\UIMain.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.google.com/mail/?shva=1#inbox
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: N/A: {0696f815-a3a9-490a-bb14-9ec3350b1276} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Assistant BHO: {5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files\televisionfanatic\bar\1.bin\64SrcAs.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Toolbar BHO: {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~1\televi~2\bar\1.bin\64bar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: TelevisionFanatic: {c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files\televisionfanatic\bar\1.bin\64bar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [EeeSplendidAgent] c:\program files\asus\epc\eeesplendid\AsAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LivCam] "c:\program files\asus\livcam\LivCam.exe"
mRun: [ASUS WebStorage] c:\program files\asus\asus webstorage\service\AsusWSService.exe MySyncFolder
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
mRun: [TelevisionFanatic Browser Plugin Loader] c:\progra~1\televi~2\bar\1.bin\64brmon.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Immunet Protect] "c:\program files\immunet protect\2.0.17\iptray.exe"
StartupFolder: c:\users\eugenie\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\eugenie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: Interfaces\{0A6A44B1-B65B-4838-ACCB-48FCAABF5EB0} : DhcpNameServer = 200.42.213.11 200.42.213.21
TCP: Interfaces\{2417229B-93DA-40AE-AD9A-B69D5A9048B8} : DhcpNameServer = 10.22.0.1 66.103.89.141 66.103.80.4
TCP: Interfaces\{2417229B-93DA-40AE-AD9A-B69D5A9048B8}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{52B680AA-AB43-4A77-87E0-1702DEBCE404} : NameServer = 196.3.81.5 200.88.127.23
TCP: Interfaces\{EA22829A-2A20-4D75-BC2F-6BE616B792CD} : NameServer = 10.203.129.68 10.203.129.68
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~4\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-1-6 11448]
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-6-18 41424]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-6-18 31184]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-1-6 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-8-14 51712]
R3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\drivers\vodafone_K380x-z_dc_enum.sys [2010-5-20 61952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-4 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-4 43944]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-30 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-6-18 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-4 136176]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-4-8 9216]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-10 52224]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2011-4-8 105856]
S3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\drivers\ZTEusbwwan.sys [2011-4-8 194048]
.
=============== Created Last 30 ================
.
2011-06-18 23:06:03 -------- d-----w- c:\windows\system32\SPReview
2011-06-18 23:01:36 -------- d-----w- c:\windows\system32\EventProviders
2011-06-18 19:17:34 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4700aa41-435c-4bfe-8a9b-98906ca6ba43}\mpengine.dll
2011-06-18 18:51:02 -------- d-----w- c:\users\eugenie\appdata\local\Immunet
2011-06-18 18:51:02 -------- d-----w- c:\programdata\Immunet
2011-06-18 18:50:51 31184 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-06-18 18:50:47 41424 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-06-18 18:50:37 -------- d-----w- c:\program files\Immunet Protect
2011-06-18 18:33:20 -------- d-----w- c:\program files\common files\WebM Project
2011-06-15 00:24:02 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 00:24:02 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 00:24:02 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 00:01:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-15 00:01:42 189952 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-15 00:01:42 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-06-15 00:01:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-14 23:53:35 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-14 23:53:34 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-14 23:53:34 187776 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-06-14 23:35:27 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-14 23:35:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-14 23:34:24 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-14 23:34:24 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-14 23:34:22 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-06-14 23:33:57 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-14 23:33:57 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-14 23:33:57 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-10 17:30:58 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-10 17:29:59 782336 ----a-w- c:\windows\system32\webservices.dll
2011-06-10 17:28:59 95232 ----a-w- c:\windows\system32\logagent.exe
2011-06-10 17:27:17 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-10 17:27:17 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-06-10 17:27:17 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-10 17:27:17 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-10 17:26:55 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-10 17:26:41 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-10 17:26:41 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-06-10 17:25:34 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-06-10 17:25:33 257024 ----a-w- c:\windows\system32\dpx.dll
2011-05-29 18:49:12 -------- d-----w- c:\programdata\Skype Extras
2011-05-24 23:59:23 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 05:16:39 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-21 20:22:37 -------- d-----w- c:\program files\TelevisionFanatic
2011-05-21 20:12:04 -------- d-----w- c:\program files\TelevisionFanaticEI
.
==================== Find3M ====================
.
2011-06-18 23:51:32 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-09 06:02:25 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-25 02:58:37 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 02:58:07 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 02:58:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 02:57:58 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 02:57:58 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 02:57:56 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 02:57:53 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
.
============= FINISH: 13:27:35.46 ===============

shelf life
2011-06-30, 00:48
hi,

Your post is a few days old. If you still need help simply reply back.