View Full Version : Annoying browser issue



Topken
2011-06-23, 19:27
I am currently working on a client's laptop running Windows XP Home. Internet Explorer keeps opening and DEP keeps coming on and closing it without me even opening it. And on top of that I cannot get Google to redirect me to links I click on for search results. I used Spybot Search and Destroy to remove some annoying viruses that kept the computer from opening Task Manager and a few other things that need admin privileges, and it was preventing it from giving those.

Here's the DDS file

.

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Charlie Ross at 13:20:06 on 2011-06-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.327 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\mae mae\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300056452912
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{80387E96-3ADA-432A-A8EC-AA41E612BF08} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{ABE26E8B-FD6E-4E7E-995D-FE965E978BD0} : NameServer = 8.8.8.8,8.8.4.4
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\charlie ross\application data\mozilla\firefox\profiles\dvnyv4s3.default\
FF - plugin: c:\documents and settings\charlie ross\application data\mozilla\firefox\profiles\dvnyv4s3.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: IE Tab 2 (FF 3.6+): {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} - %profile%\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-25 165264]
R1 MpKsl895a83f4;MpKsl895a83f4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6dda250c-8ba9-4f54-8f7d-9c0c7278f0f3}\MpKsl895a83f4.sys [2011-6-23 28752]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2010-1-19 127016]
R2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\spybot - search & destroy 2\SDFWSvc.exe [2011-6-18 3585696]
R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\spybot - search & destroy 2\SDMonSvc.exe [2011-6-18 3834456]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-6-18 3515656]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-6-18 3769048]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-1-19 121384]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-1-19 117288]
S1 MpKsl247fa00f;MpKsl247fa00f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed768c8a-b32a-41ed-ae85-f90932c8bfd8}\mpksl247fa00f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ed768c8a-b32a-41ed-ae85-f90932c8bfd8}\MpKsl247fa00f.sys [?]
S1 MpKslf82e36c0;MpKslf82e36c0;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8884ac4-2a9e-46fd-b1b0-bc086d7fa344}\mpkslf82e36c0.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8884ac4-2a9e-46fd-b1b0-bc086d7fa344}\MpKslf82e36c0.sys [?]
S1 MpKslf9de5691;MpKslf9de5691;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{daac3f57-200a-457e-a729-d4a7398a5074}\mpkslf9de5691.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{daac3f57-200a-457e-a729-d4a7398a5074}\MpKslf9de5691.sys [?]
S2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2010-1-19 1118248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 136176]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-6-18 167040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 136176]
S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-1-19 158248]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-06-23 15:40:37 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6dda250c-8ba9-4f54-8f7d-9c0c7278f0f3}\MpKsl895a83f4.sys
2011-06-23 15:38:47 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6dda250c-8ba9-4f54-8f7d-9c0c7278f0f3}\mpengine.dll
2011-06-23 15:34:42 -------- d-----w- c:\windows\system32\winrm
2011-06-23 15:34:28 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-23 15:33:58 -------- d-----w- c:\documents and settings\charlie ross\local settings\application data\Identities
2011-06-23 15:33:51 -------- d-----w- c:\documents and settings\charlie ross\application data\Windows Desktop Search
2011-06-23 15:31:38 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-23 15:31:37 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-23 15:29:14 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-06-23 15:29:14 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-06-23 15:29:13 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-06-23 15:29:04 -------- d-----w- C:\b39d55a7738c245d40b11d7e
2011-06-23 15:15:06 -------- d-----w- c:\documents and settings\charlie ross\local settings\application data\Mozilla
2011-06-23 15:07:40 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-06-23 04:32:21 -------- d-----w- c:\documents and settings\charlie ross\local settings\application data\ApplicationHistory
2011-06-22 06:57:46 -------- d-----w- C:\186e105ef843057e28
2011-06-22 06:27:12 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-22 06:23:04 -------- d-----w- c:\program files\CONEXANT
2011-06-22 06:20:59 -------- d-----w- c:\windows\system32\URTTEMP
2011-06-22 06:19:08 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-21 22:16:41 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-21 22:15:46 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-21 22:15:17 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-21 22:15:17 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-21 22:15:17 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-21 22:15:17 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-21 22:15:16 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-21 22:15:16 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-21 22:15:16 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-21 22:15:16 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-21 22:15:15 -------- d-----w- C:\9a30f7bce1fe4468c7b3f3
2011-06-21 04:21:36 -------- d--h--w- c:\windows\msdownld.tmp
2011-06-21 04:13:06 -------- d-----w- c:\documents and settings\charlie ross\application data\iolo
2011-06-21 03:04:46 -------- d-----w- c:\windows\Performance
2011-06-21 03:04:35 -------- d-----w- c:\documents and settings\charlie ross\local settings\application data\Microsoft Corporation
2011-06-20 18:53:26 -------- d-----w- c:\documents and settings\charlie ross\application data\Malwarebytes
2011-06-20 18:52:48 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-20 18:07:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 16:52:10 -------- d-----w- c:\windows\Internet Logs
2011-06-19 15:54:55 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-06-18 18:37:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-18 18:34:34 15224 ----a-w- c:\windows\system32\sdnclean.exe
2011-06-18 18:32:49 770384 ----a-w- c:\windows\system32\msvcr100.dll
2011-06-18 18:32:49 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-06-18 18:32:46 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-06-18 18:17:25 -------- d-----w- c:\program files\CCleaner
2011-06-18 17:52:10 -------- d-----w- c:\windows\system32\LogFiles
2011-06-18 17:51:18 -------- d-sh--w- c:\documents and settings\charlie ross\PrivacIE
2011-06-18 17:51:04 -------- d-----w- c:\documents and settings\charlie ross\local settings\application data\Google
2011-06-18 17:47:44 215920 ----a-w- c:\windows\system32\muweb.dll
2011-06-18 17:47:44 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-18 17:47:43 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-18 01:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-18 01:47:29 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-18 01:23:19 -------- d-----w- c:\windows\pss
2011-06-17 21:27:47 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-12 16:36:51 -------- d-----w- c:\program files\Nitto 1320 Legends
.
==================== Find3M ====================
.
2011-05-20 02:52:49 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 13:22:35.28 ===============

tashi
2011-06-23, 21:49
Hello Topken,

I used Spybot Search and Destroy to remove some annoying viruses
Spybot-S&D is not an antivirus program. The application searches for spyware, malware, adware, trojans, hijackers and keyloggers. :)


I am currently working on a client's laptop

Please see: Personal computers or..... (http://forums.spybot.info/showpost.php?p=25712&postcount=5)

Best regards.