Capt Redeye
2011-09-27, 20:44
I would appreciate some assistance for my system in regard to the links that Google produces in both IE and Firefox. Standard direct to add after the search issue, but I am following protocol and not attempting to use others' solutions.
Here is my DDS:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 9:11:57 on 2011-09-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.1964 [GMT -8:00]
.
AV: The Shield Deluxe Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iexpore\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\seccenter.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Logitech\LWS\Webcam Software\lws.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = 192.168.2.1:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearchAssistant =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {9d425283-d487-4337-bab6-ab8354a81457} - Search Toolbar
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: The Shield Deluxe 2010 Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\the shield deluxe\the shield deluxe 2010\IEToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_Plugin.exe -update plugin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [LanguageShortcut] "d:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\the shield deluxe\the shield deluxe 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\the shield deluxe\the shield deluxe 2010\bdagent.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\iexpore\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-QBMJJ.exe" /REG /REGSVRMODE
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: gmail.com\pop
Trusted Zone: gmail.com\smtp
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/gs.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222711484390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.165.131.12 209.165.131.13
TCP: Interfaces\{AC1C7214-E4F4-434A-A184-8067D7244AD9} : DhcpNameServer = 209.165.131.12 209.165.131.13
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\1k5bie01.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2487625&SearchSource=3&q={searchTerms}
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\1k5bie01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\1k5bie01.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 pfmfs_463;pfmfs_463;c:\windows\system32\drivers\pfmfs_463.sys [2010-9-11 191848]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-9-19 37376]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-9-17 152328]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
R4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-9 22216]
R4 MBAMService;MBAMService;c:\program files\iexpore\mbamservice.exe [2011-4-9 366640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S2 Spooler32;Print Spooler ; [x]
S3 Arrakis3;The Shield Deluxe Arrakis Server;c:\program files\common files\the shield deluxe\the shield deluxe arrakis server\bin\arrakis3.exe [2009-9-13 183880]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [2007-5-29 508160]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
.
=============== Created Last 30 ================
.
2011-09-27 05:48:57 794624 ----a-w- c:\windows\system32\spr32d35.dll
2011-09-16 05:41:14 709968 ----a-w- c:\windows\is-QBMJJ.exe
2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-02 06:53:01 -------- d-----w- c:\windows\system32\drivers\umdf\ko-KR
2011-09-02 06:53:00 -------- d-----w- c:\windows\system32\drivers\umdf\ms-MY
2011-09-02 06:51:00 -------- d-----w- c:\windows\system32\drivers\umdf\en-US
2011-09-02 06:36:50 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-09-02 06:35:47 -------- d-----w- c:\windows\system32\zh-CN
2011-09-02 06:35:47 -------- d-----w- c:\windows\system32\ru-RU
2011-09-02 06:35:47 -------- d-----w- c:\windows\system32\pt-PT
2011-09-02 06:35:47 -------- d-----w- c:\windows\system32\pl-PL
2011-09-02 06:35:47 -------- d-----w- c:\windows\system32\ms-MY
2011-09-02 06:35:47 -------- d-----w- c:\windows\system32\ja-JP
2011-09-02 06:35:47 -------- d-----w- c:\windows\system32\hu-HU
2011-09-02 06:35:47 -------- d-----w- c:\windows\system32\cs-CZ
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-07 01:56:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 01:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-05 20:40:58 3584 ----a-w- c:\windows\system32\drivers\umdf\zh-tw\ZuneDriver.dll.mui
2011-08-05 20:40:54 3584 ----a-w- c:\windows\system32\drivers\umdf\zh-cn\ZuneDriver.dll.mui
2011-08-05 20:40:48 6144 ----a-w- c:\windows\system32\drivers\umdf\sv-se\ZuneDriver.dll.mui
2011-08-05 20:40:42 6144 ----a-w- c:\windows\system32\drivers\umdf\ru-ru\ZuneDriver.dll.mui
2011-08-05 20:40:36 6144 ----a-w- c:\windows\system32\drivers\umdf\pt-pt\ZuneDriver.dll.mui
2011-08-05 20:40:30 6144 ----a-w- c:\windows\system32\drivers\umdf\pt-br\ZuneDriver.dll.mui
2011-08-05 20:40:26 6144 ----a-w- c:\windows\system32\drivers\umdf\pl-pl\ZuneDriver.dll.mui
2011-08-05 20:40:18 6656 ----a-w- c:\windows\system32\drivers\umdf\nl-nl\ZuneDriver.dll.mui
2011-08-05 20:40:12 5632 ----a-w- c:\windows\system32\drivers\umdf\nb-no\ZuneDriver.dll.mui
2011-08-05 20:40:08 6144 ----a-w- c:\windows\system32\drivers\umdf\ms-my\ZuneDriver.dll.mui
2011-08-05 20:40:02 4096 ----a-w- c:\windows\system32\drivers\umdf\ko-kr\ZuneDriver.dll.mui
2011-08-05 20:39:56 4608 ----a-w- c:\windows\system32\drivers\umdf\ja-jp\ZuneDriver.dll.mui
2011-08-05 20:39:52 6656 ----a-w- c:\windows\system32\drivers\umdf\it-it\ZuneDriver.dll.mui
2011-08-05 20:39:46 6144 ----a-w- c:\windows\system32\drivers\umdf\id-id\ZuneDriver.dll.mui
2011-08-05 20:39:40 6656 ----a-w- c:\windows\system32\drivers\umdf\hu-hu\ZuneDriver.dll.mui
2011-08-05 20:39:36 6144 ----a-w- c:\windows\system32\drivers\umdf\fr-fr\ZuneDriver.dll.mui
2011-08-05 20:39:30 6144 ----a-w- c:\windows\system32\drivers\umdf\fi-fi\ZuneDriver.dll.mui
2011-08-05 20:39:24 6656 ----a-w- c:\windows\system32\drivers\umdf\es-es\ZuneDriver.dll.mui
2011-08-05 20:39:18 6656 ----a-w- c:\windows\system32\drivers\umdf\el-gr\ZuneDriver.dll.mui
2011-08-05 20:39:12 6144 ----a-w- c:\windows\system32\drivers\umdf\de-de\ZuneDriver.dll.mui
2011-08-05 20:39:06 6144 ----a-w- c:\windows\system32\drivers\umdf\da-dk\ZuneDriver.dll.mui
2011-08-05 20:39:00 5632 ----a-w- c:\windows\system32\drivers\umdf\cs-cz\ZuneDriver.dll.mui
2011-08-05 20:26:34 6144 ----a-w- c:\windows\system32\drivers\umdf\en-us\ZuneDriver.dll.mui
2011-08-05 20:12:32 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys
2011-07-21 10:42:04 0 ---ha-w- c:\documents and settings\administrator\ahlpawxtaw.tmp
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-29 20:02:32 332800 ----a-w- c:\windows\system32\ZuneCoInst.dll
2011-06-29 20:02:26 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2011-06-29 20:02:24 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2011-06-29 20:02:24 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2011-06-29 20:02:24 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2011-06-29 20:02:22 796672 ----a-w- c:\windows\system32\drivers\umdf\ZuneDriver.dll
2011-06-29 20:02:22 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2011-06-29 20:02:20 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
.
============= FINISH: 9:12:51.84 ===============
Much appreciation for the great work that is done here!