musicalpulltoy
2013-04-04, 13:49
hello
iexplorer is acting up. 1 day it will load pages, 1 day it won't. flash player went bad, reset explorer, can't add accelerators.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by DAD at 4:07:32 on 2013-04-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.493 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} -
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Task Catcher] c:\program files\billp studios\task catcher\tasktrap.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [Adobe ARM] c:\program files\common files\adobe\arm\1.0\AdobeARM.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\dad\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\system~1\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246219383859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: Interfaces\{D3C8F517-0E02-41EF-88B6-50CFBAF7D6D0} : NameServer = 68.105.28.11,68.105.29.11,192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\fn2dlw99.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dad\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - ExtSQL: !HIDDEN! 2009-06-28 13:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 182072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-3-19 525840]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-2-27 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-2-19 282624]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2007-4-23 224896]
S2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\dcservice.exe --> c:\documents and settings\all users\application data\datacardservice\DCService.exe [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2013-3-15 23456]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2011-7-31 114944]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\drivers\N3AB.sys [2005-12-23 457312]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-3-14 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-14 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-14 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-14 59776]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-5-3 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-5-3 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-5-3 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2011-5-3 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2011-5-3 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-5-3 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-5-3 109864]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2011-9-23 65664]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2011-4-12 166720]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2011-7-31 11520]
S3 SiSV;SiSV;c:\windows\system32\drivers\SiSV.sys [2011-4-12 50432]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-5-3 150528]
S4 DirMon2;DirMon2;C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service --> C:/Program Files/Dragon Global/DirMon2/DirMon2.exe -be_the_service [?]
S4 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-10 14336]
S4 TridWnW;PCI Audio Driver;c:\windows\system32\drivers\TridWnW.sys [2011-4-30 150872]
.
=============== Created Last 30 ================
.
2013-03-24 05:36:19 -------- d-----w- c:\documents and settings\dad\local settings\application data\Opera
2013-03-19 15:44:17 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-15 22:40:28 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-03-15 22:40:28 -------- d-----w- c:\documents and settings\dad\local settings\application data\eSupport.com
2013-03-15 16:52:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2013-03-15 16:48:32 -------- d-----w- c:\documents and settings\dad\application data\IObit
2013-03-15 16:48:32 -------- d-----w- c:\documents and settings\dad\application data\AVG10
2013-03-15 16:48:29 -------- d-----w- c:\documents and settings\all users\application data\PCDr
2013-03-15 16:48:27 -------- d-----w- c:\documents and settings\all users\application data\IObit
2013-03-15 12:29:32 -------- d-----w- c:\windows\system32\Adobe
2013-03-14 00:34:30 -------- d-----w- c:\documents and settings\dad\WINDOWS
2013-03-14 00:34:28 -------- d-----w- C:\col1832
2013-03-14 00:34:27 -------- d-----w- C:\sj660
2013-03-13 08:48:06 61440 ----a-w- c:\windows\system32\W32N50.dll
2013-03-13 08:48:06 379488 ----a-w- c:\windows\system32\drivers\wg111nd5.sys
2013-03-13 08:48:06 16292 ----a-w- c:\windows\system32\PCANDIS5.SYS
2013-03-13 08:48:06 15577 ----a-w- c:\windows\system32\PCANDIS3.VXD
2013-03-13 01:49:25 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-03-13 01:49:24 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-12 19:32:58 16752 ----a-w- c:\windows\system\REGLOAD.EXE
2013-03-12 17:53:27 -------- d-----w- C:\sj700
2013-03-12 17:24:47 32768 ----a-w- c:\windows\system32\hpsjrreg.exe
2013-03-12 17:24:47 32768 ----a-w- c:\windows\system\hpsjrreg.exe
2013-03-12 17:24:47 245760 ----a-w- c:\windows\system32\hpscnmgr.dll
2013-03-12 17:24:47 245760 ----a-w- c:\windows\system\hpscnmgr.dll
.
==================== Find3M ====================
.
2013-03-19 15:44:17 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-01 17:32:20 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40:46 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52:46 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 11:37:56 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37:52 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37:44 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 4:09:48.18 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-03 04:04:03
-----------------------------
04:04:03.625 OS Version: Windows 5.1.2600 Service Pack 3
04:04:03.625 Number of processors: 1 586 0x401
04:04:03.625 ComputerName: DJJXF091 UserName: DAD
04:04:06.421 Initialize success
04:04:18.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
04:04:18.781 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
04:04:18.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
04:04:18.781 Disk 1 Vendor: ST3250824A 3.AAE Size: 238475MB BusType: 3
04:04:18.921 Disk 0 MBR read successfully
04:04:18.921 Disk 0 MBR scan
04:04:18.921 Disk 0 unknown MBR code
04:04:18.921 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
04:04:18.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 35032 MB offset 64260
04:04:18.937 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 71810550
04:04:18.953 Disk 0 scanning sectors +78108030
04:04:19.109 Disk 0 scanning C:\WINDOWS\system32\drivers
04:04:34.500 Service scanning
04:05:07.234 Modules scanning
04:05:39.625 Disk 0 trace - called modules:
04:05:39.656 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
04:05:39.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x877431f0]
04:05:39.656 3 CLASSPNP.SYS[f7889fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x877deb00]
04:05:39.671 Scan finished successfully
04:06:00.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DAD\Desktop\MBR.dat"
04:06:00.140 The log file has been saved successfully to "C:\Documents and Settings\DAD\Desktop\aswMBR.txt"