Win 32 Trojan



gramarock
2012-06-26, 20:24
A couple of weeks ago, I ran SpyBot and it detected a Trojan. After checking "Fix Problems", I restarted the computer and ended up with a black screen. After several restarts, I could get no further. I still had the Windows XP installation disk, so reinstalled the operating system and restored my files from my online backup service. I ran SpyBot again, and it was clean.
Last night, I couldn't get ANY program to open. It did allow me to run disk defragmenter, which I left on overnight. This morning, the computer seemed to be running and working fine. After running SpyBot again, the Trojan is back. It is Win32.BHO.acw. I'm afraid to click on "fix problems" again and possibly go back to that black screen. I did copy removal instructions to manually remove this Trojan, as posted by Friday on 11-29-08. However, I'm not confident enough to go ahead and do all that stuff on my own.

Following is the results list from my latest scan:

IncrediBar: [SBI $43928D57] Program directory (Directory, nothing done)
C:\Documents and Settings\Faye\Local Settings\Temp\ImInstaller\

Win32.BHO.acw: [SBI $6E6ECB72] Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\extension.DLL


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2007-08-07 unins000.exe (51.41.0.0)
2010-03-17 unins001.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2012-01-16 Includes\Adware.sbi (*)
2012-06-05 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2012-05-16 Includes\Hijackers.sbi (*)
2012-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2012-03-13 Includes\Keyloggers.sbi (*)
2012-03-13 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-04-17 Includes\Malware.sbi (*)
2012-06-05 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2012-05-29 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-05-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-06-12 Includes\TrojansC-02.sbi (*)
2012-06-06 Includes\TrojansC-03.sbi (*)
2012-06-11 Includes\TrojansC-04.sbi (*)
2012-05-23 Includes\TrojansC-05.sbi (*)
2012-06-12 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

I did download and run Erunt. The DDS.txt log is as follows:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Faye at 11:20:03 on 2012-06-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.198 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\VTTimer.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtra08.exe
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\SandboxieCrypto.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drtel.net/
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: AutorunsDisabled - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - c:\program files\incredimail_mediabar_2\prxtbInc0.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [cdloader] "c:\documents and settings\faye\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [VTTimer] VTTimer.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\faye\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\faye\start menu\programs\startup\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyst~1.lnk - c:\program files\mozy\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozy\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: brocksmovietrailers.com\www
Trusted Zone: magicjack.com\my
Trusted Zone: me.com\web
Trusted Zone: plaxo.com\www
Trusted Zone: talk4free.com\reg
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186450564609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 65.23.160.10 65.23.160.11
TCP: Interfaces\{1E35FE43-F76B-41AE-856E-651B4CF3BC95} : DhcpNameServer = 65.23.160.10 65.23.160.11
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\faye\application data\mozilla\firefox\profiles\pmfhvatm.faye\
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hewlett-packard\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2008-8-7 6097]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-1-12 810144]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-5-30 185856]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2007-8-1 713728]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-2-7 133392]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-16 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\drivers\procexp150.sys --> c:\windows\system32\drivers\PROCEXP150.SYS [?]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2008-8-7 299923]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-2-28 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S4 esihdrv;esihdrv;\??\c:\docume~1\faye\locals~1\temp\esihdrv.sys --> c:\docume~1\faye\locals~1\temp\esihdrv.sys [?]
S4 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
S4 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2008-12-7 93544]
.
=============== Created Last 30 ================
.
2012-06-23 14:04:53 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{aeeff050-b080-4bf2-8dc8-8231586980d7}\offreg.dll
2012-06-23 01:03:46 12557904 ----a-w- c:\documents and settings\all users\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
2012-06-22 13:41:26 6762896 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{aeeff050-b080-4bf2-8dc8-8231586980d7}\mpengine.dll
2012-06-20 03:23:03 -------- d-----w- c:\program files\common files\xing shared
2012-06-20 03:22:05 129144 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-06-18 16:46:56 966656 ----a-r- c:\windows\system32\hpost_p03b.dll
2012-06-18 16:46:56 712704 ----a-r- c:\windows\system32\hposwia_p03b.dll
2012-06-18 16:46:56 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2012-06-18 16:46:56 315392 ----a-r- c:\windows\system32\hposc_p03a.dll
2012-06-18 16:46:56 309760 ----a-r- c:\windows\system32\difxapi.dll
2012-06-18 13:21:07 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-06-18 13:20:35 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-06-18 13:20:19 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-06-18 13:19:11 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-06-18 13:16:03 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-06-18 13:14:21 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-06-18 13:14:02 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-06-18 13:13:31 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-18 13:13:04 1863168 -c----w- c:\windows\system32\dllcache\win32k.sys
2012-06-18 13:12:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-06-18 13:12:56 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-06-17 03:28:06 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2012-06-17 03:28:06 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2012-06-17 03:26:57 81920 ------w- c:\windows\system32\ieencode.dll
2012-06-17 03:26:29 19569 ----a-w- c:\windows\003136_.tmp
2012-06-17 02:43:11 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-06-17 02:42:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-06-17 02:42:14 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-06-17 02:37:08 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-06-17 02:36:43 -------- d-----w- c:\documents and settings\faye\local settings\application data\Mozy Restore Manager
2012-06-17 02:33:41 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-06-17 02:33:27 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-06-17 01:56:38 629760 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-06-17 01:56:38 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-06-17 01:56:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-06-17 01:56:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-06-17 01:56:35 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-06-17 01:56:34 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-06-17 01:56:31 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-06-16 04:44:59 79872 -c--a-w- c:\windows\system32\dllcache\rwia330.dll
2012-06-16 04:43:59 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2012-06-16 04:42:58 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2012-06-16 04:40:18 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-06-16 04:40:18 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-06-16 04:19:55 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-06-16 04:19:55 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-06-16 04:19:55 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-06-16 04:19:55 13312 ----a-w- c:\windows\system32\irclass.dll
2012-06-16 04:19:42 14573 ----a-r- c:\windows\SET1E6.tmp
2012-06-16 04:19:36 13753 ----a-r- c:\windows\SET1B3.tmp
2012-06-16 04:19:34 1086058 ----a-r- c:\windows\SET1A7.tmp
2012-06-16 04:19:33 1042903 ----a-r- c:\windows\SET1A4.tmp
2012-06-14 16:23:52 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2012-06-14 16:23:52 29552 ----a-w- c:\windows\system32\mdimon.dll
2012-06-07 17:50:26 -------- d-----w- c:\program files\The Weather Channel
2012-06-07 17:31:54 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-07 17:31:53 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-05-31 13:22:09 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2012-05-30 15:51:35 -------- d-----w- c:\program files\Web Assistant
.
==================== Find3M ====================
.
2012-06-24 14:47:24 2400 ----a-w- c:\windows\system32\ASOROSet.bin
2012-06-23 23:18:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 23:18:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-20 03:21:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-20 03:21:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 01:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-03 20:57:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-03 20:57:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 11:21:54.23 ===============
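
The "Pseudo HJT Report" section of a DDS log like the one above is normally read by eye. Here is an added example, not code from this thread or from the DDS, Spybot or OTL tools, of a small Python triage script that parses the BHO/TB/EB, uRun/mRun and Hosts lines into records and sorts them into the buckets a helper tends to look at first: entries DDS reports as "No File", components loading from a user profile rather than Program Files, Run values with a bare file name, and Hosts overrides. The sample lines are a subset copied from the report above; the bucket names, the profile-root constant and the heuristics are this example's own assumptions.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example, not code from the thread or from DDS/Spybot/OTL. The bucket
names and heuristics below are the example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# {GUID} as DDS prints it, in either case.
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)

# Constructed sample: a subset of lines copied from the DDS report above.
SAMPLE = r"""
BHO: AutorunsDisabled - No File
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [cdloader] "c:\documents and settings\faye\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [VTTimer] VTTimer.exe
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Per-user profile root on Windows XP (the OS in the log); an assumption of
# this example, not something DDS reports.
USER_PROFILE_ROOT = "c:\\documents and settings\\"


@dataclass
class Entry:
    kind: str             # BHO, TB, EB, uRun, mRun, Hosts, ...
    name: Optional[str]   # display name, Run value name, or the Hosts text
    clsid: Optional[str]  # lower-cased {GUID} when the line carries one
    path: Optional[str]   # DLL/EXE path; None for "No File" and Hosts lines
    raw: str


def _command_image(cmd: str) -> str:
    """Image path of a Run value: the quoted path if quoted, else text up to the first '.exe'."""
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    exe = re.match(r"(.*?\.exe)\b", cmd, re.I)
    return exe.group(1) if exe else cmd.strip()


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Parse one 'Kind: ...' line; returns None for lines of other shapes."""
    line = line.strip()
    head = re.match(r"^(\w+):\s*(.*)$", line)
    if not head:
        return None
    kind, rest = head.group(1), head.group(2).strip()
    cm = CLSID_RE.search(rest)
    clsid = cm.group(0).lower() if cm else None
    name = path = None
    if kind in ("BHO", "TB", "EB"):
        # Shapes: "Name: {clsid} - path", "{clsid} - No File", "Name - No File"
        if cm:
            name = rest[:cm.start()].strip().rstrip(":").strip() or None
            tail = rest[cm.end():]
        else:
            name, _, tail = rest.partition(" - ")
            name = name.strip() or None
        tail = tail.strip().lstrip("-").strip()
        if tail and tail != "No File":
            path = tail.strip('"')
    elif kind in ("uRun", "mRun"):
        run = re.match(r"\[(.*?)\]\s*(.*)", rest)
        if run:
            name = run.group(1)
            path = _command_image(run.group(2))
    elif kind == "Hosts":
        name = rest
    return Entry(kind, name, clsid, path, line)


def triage(report: str) -> dict:
    """orphans: BHO/TB/EB entries DDS reports as "No File"; user_profile: components
    loading from a user profile; unqualified: Run values with a bare file name
    (resolved through the loader's search path); hosts: every Hosts override."""
    buckets = {"orphans": [], "user_profile": [], "unqualified": [], "hosts": []}
    for line in report.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        if entry.kind in ("BHO", "TB", "EB") and entry.path is None:
            buckets["orphans"].append(entry)
        elif entry.kind == "Hosts":
            buckets["hosts"].append(entry)
        elif entry.path:
            lowered = entry.path.lower()
            if lowered.startswith(USER_PROFILE_ROOT):
                buckets["user_profile"].append(entry)
            elif "\\" not in lowered:
                buckets["unqualified"].append(entry)
    return buckets


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        print(f"[{bucket}]")
        for e in entries:
            print("  ", e.raw)
```

Run against the sample, it lists the two "No File" entries (the disabled BHO and the orphaned toolbar CLSID), the cdloader autorun under the user's Application Data, the bare `VTTimer.exe` Run value, and the single Hosts override. None of these is a verdict; they are the lines to look up and decide on, which is how a helper works through such a log before recommending a fix.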

ken545
2012-06-30, 22:54

What you're looking at is adware, more annoying than malicious. Are you experiencing any browser redirects or unwanted pop-up windows? Let's do this.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.