Got this virus yesterday evening. It installed several fake virus protections and, at first, restricted me from using Task Manager and from using Malwarebytes Anti-Malware.
I ran Spyware Doctor, Avast! and RegRun and have gained back control of Task Manager and the ability to make Registry changes. However, I still have several fake spyware "protectors" and the machine is running really sluggishly.
If you can help, it is greatly appreciated.
-------------------------------------------------------------------
DDS (Ver_10-03-17.01) - NTFSX64
Run by User 1 at 15:33:02.49 on Tue 04/27/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3326.979 [GMT -4:00]
AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! antivirus 4.8.1296 [VPS 081226-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1296 [VPS 081226-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Greatis\RegRunSuite\watchdog.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\User 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient .exe
C:\program files (x86)\whatpulse\whatpulse .exe
C:\program files (x86)\java\jre6\bin\jusched .exe
C:\program files (x86)\itunes\ituneshelper .exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files (x86)\internet explorer\wmpscfgs.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User 1\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\systemnative\userinit.exe,
uWinlogon: Shell=c:\users\user 1\appdata\roaming\ccommander\ccmain.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: adHlpr Object: {0c21698b-11a0-4202-96fe-198d01082753} - c:\windows\syswow64\yebkdlmo.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)\spyware doctor\bdt\PCTBROWSERDEFENDER.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: adShotHlpr Object: {b57d74ae-d437-4412-a5a7-7a3971e8a1e8} - c:\windows\syswow64\omjjxlpq.dll
BHO: hotrevenue browser enhancer: {c0745218-b667-f3f7-89ad-8848b9927739} - c:\windows\syswow64\pxdbmdsqgpfnqf.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: {e623ff84-bca2-469e-aa59-730c17858d4b} - c:\windows\syswow64\JIDEWOJO.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)\spyware doctor\bdt\PCTBROWSERDEFENDER.DLL
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WhatPulse] c:\program files (x86)\whatpulse\WhatPulse.exe
uRun: [Octoshape Streaming Services] "c:\users\user 1\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient .exe" -inv:bootrun
uRun: [Aim] "c:\program files (x86)\aim\aim .exe" /d locale=en-US
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
uRun: [sysmon64x.exe] c:\users\user1~1\appdata\local\temp\SYSMON64X.EXE
uRun: [apmanager.exe] c:\users\user 1\appdata\roaming\apmanager\apmanager.exe silent
uRun: [hsf87sdhfush87fsufhuie3fddf] c:\users\user1~1\appdata\local\temp\eo9p667jp.exe
uRun: [Digital Protection] "c:\program files (x86)\digital protection\digprot.exe" -noscan
uRun: [RTHDBPL] c:\users\user 1\appdata\roaming\systemproc\lsass.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask .exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [ewrgetuj] c:\users\user1~1\appdata\local\temp\geurge.exe
mRun: [lsdefrag] c:\users\user1~1\appdata\local\temp\cmnaexwosr.exe
mRun: [ezLife] rundll32 "omjjxlpq.dll",,Run
mRun: [RegRun WinBait] c:\windows\winbait.exe
mRun: [@RegRunOnSecure] c:\progra~2\greatis\regrun~1\OnSecure.exe
mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe"
mRun: [nujuzugide] Rundll32.exe "jidewojo.dll",s
mRun: [vsvoczrnnqhsbpb] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\pxdbmdsqgpfnqf.dll"
mExplorerRun: [9xsl] c:\users\user1~1\appdata\local\temp\77wi.exe
StartupFolder: c:\users\user1~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\user1~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\impuls~1.lnk - c:\program files (x86)\stardock\impulse\now\ImpulseNow.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: hiwazedo.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: ShellObj Class: {f552dde6-2090-4bf4-b924-6141e87789a5} - c:\progra~2\greatis\regrun~1\RRSHELL.DLL
LSA: Notification Packages = scecli hiwazedo.dll
IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
IFEO: msseces.exe - c:\windows\system32\svchost.exe
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\user1~1\appdata\roaming\mozilla\firefox\profiles\kuky3h7i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files (x86)\mozilla firefox\components\ffxShot.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\user 1\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\user 1\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\user 1\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-4-26 218056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 89680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-26 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-26 64592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-26 138680]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware doctor\bdt\BDTUpdateService.exe [2010-4-26 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-4-26 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2010-4-26 1141712]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-26 352920]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 399360]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2007-12-6 391680]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athrxu6.sys [2007-7-5 1041920]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-27 27648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 40464]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-12-27 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
=============== Created Last 30 ================
2010-04-27 00:24:41 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-27 00:24:40 882 ----a-w- c:\windows\RegSDImport.xml
2010-04-27 00:24:40 879 ----a-w- c:\windows\RegISSImport.xml
2010-04-27 00:24:40 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-27 00:24:40 131 ----a-w- c:\windows\IDB.zip
2010-04-27 00:24:40 1152444 ----a-w- c:\windows\UDB.zip
2010-04-27 00:24:39 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-27 00:24:39 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-27 00:24:39 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-04-27 00:18:07 7357 ----a-w- c:\windows\system32\drivers\pctgntdi64.cat
2010-04-27 00:18:07 306648 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2010-04-27 00:18:07 133072 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2010-04-27 00:18:04 7353 ----a-w- c:\windows\system32\drivers\pctcore64.cat
2010-04-27 00:18:04 218056 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2010-04-27 00:17:59 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2010-04-27 00:17:59 7353 ----a-w- c:\windows\system32\drivers\pctplsg64.cat
2010-04-27 00:17:52 0 d-----w- c:\users\user1~1\appdata\roaming\PC Tools
2010-04-27 00:17:52 0 d-----w- c:\programdata\PC Tools
2010-04-27 00:17:52 0 d-----w- c:\program files (x86)\Spyware Doctor
2010-04-27 00:17:52 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-04-26 23:31:52 0 d-----w- c:\windows\RestoreSafeDeleted
2010-04-26 23:30:15 535 ----a-w- c:\windows\syswow64\Partizan.RRI
2010-04-26 23:27:00 0 d-sh--r- C:\desktop.ini
2010-04-26 23:27:00 0 d-sh--r- C:\comment.htt
2010-04-26 23:27:00 0 d-sh--r- C:\autorun.inf
2010-04-26 23:26:42 2 --shatr- c:\windows\winstart.bat
2010-04-26 23:26:42 2 --shatr- c:\windows\syswow64\AUTOEXEC.NT
2010-04-26 23:26:22 37600 ----a-w- c:\windows\syswow64\Partizan.exe
2010-04-26 23:25:20 57556 ----a-w- c:\windows\guard.bmp
2010-04-26 23:25:20 36864 ----a-w- c:\windows\winbait.exe
2010-04-26 23:25:20 20192 ----a-w- c:\windows\WinBait.org
2010-04-26 23:25:20 20192 ----a-w- c:\windows\winbait .exe
2010-04-26 23:25:20 1385184 ----a-w- c:\windows\RunGuard.exe
2010-04-26 23:25:12 0 d-----w- c:\program files (x86)\Greatis
2010-04-26 23:19:26 0 d-----w- c:\users\user1~1\appdata\roaming\CCommander
2010-04-26 23:19:24 0 d-sh--w- c:\users\user1~1\appdata\roaming\SystemProc
2010-04-26 23:17:18 0 d-----w- c:\program files (x86)\Digital Protection
2010-04-26 23:16:16 317440 ----a-w- c:\windows\syswow64\cooper.mine
2010-04-26 23:14:34 36864 ----a-w- c:\windows\syswow64\READER_S.del
2010-04-26 23:14:07 0 d-----w- c:\users\user1~1\appdata\roaming\APManager
2010-04-26 23:14:04 50990 ----a-w- c:\windows\syswow64\eqpcpcyydhhaueen.exe
2010-04-26 23:14:01 0 d-----w- c:\program files (x86)\ezLife
2010-04-26 23:13:50 162304 ----a-w- c:\windows\Dgynoa.exe
2010-04-26 23:13:48 0 d-----w- c:\users\user1~1\appdata\roaming\57FEB2771E017424312E3F6F5A51A206
2010-04-25 06:30:22 0 d-----w- c:\programdata\DivX
2010-04-21 11:55:32 299008 ----a-w- c:\windows\syswow64\yebkdlmo.dll
2010-04-21 11:55:04 319488 ----a-w- c:\windows\syswow64\omjjxlpq.dll
2010-04-15 10:58:44 384512 ----a-w- c:\windows\syswow64\_pxdbmdsqgpfnqf.dll
2010-04-15 10:58:44 381952 ----a-w- c:\windows\syswow64\pxdbmdsqgpfnqf.dll
2010-04-15 07:03:15 1427336 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 07:03:13 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 07:03:13 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 07:03:01 273920 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 07:03:01 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 07:03:00 106496 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 07:02:57 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 07:02:37 602624 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 07:02:37 430080 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-15 07:02:36 72192 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-15 07:02:36 62464 ----a-w- c:\windows\syswow64\l3codeca.acm
2010-04-15 07:02:36 220672 ----a-w- c:\windows\syswow64\l3codecp.acm
2010-04-15 07:02:36 181760 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 16:41:10 218624 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:41:10 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-14 16:41:09 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-14 16:41:09 104960 ----a-w- c:\windows\system32\cabview.dll
2010-04-05 17:50:09 0 d-----w- c:\program files\iPod
2010-04-05 17:50:08 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-04-05 17:50:08 0 d-----w- c:\program files\iTunes
2010-04-05 17:50:08 0 d-----w- c:\program files (x86)\iTunes
2010-04-05 17:45:44 0 d-----w- c:\program files\Bonjour
2010-03-31 01:58:24 353592 ----a-w- c:\windows\syswow64\DivXControlPanelApplet.cpl
==================== Find3M ====================
2010-04-27 19:01:37 66702 ----a-w- c:\programdata\nvModes.dat
2010-04-05 17:46:12 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-05 17:46:12 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-05 17:46:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-11 21:36:51 133712 ----a-w- c:\windows\War3Unin.dat
2010-03-09 16:50:32 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-03-09 16:07:05 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-03-09 15:42:08 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-03-09 15:40:29 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-03-09 15:40:29 3601920 ----a-w- c:\windows\syswow64\mshtml.dll
2010-03-09 15:39:49 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-03-09 15:39:49 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-03-09 15:39:49 180736 ----a-w- c:\windows\syswow64\ieui.dll
2010-03-09 15:39:47 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:15:56 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:14:20 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 23:06:41 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-02-12 16:01:24 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:01:24 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2009-11-17 09:14:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-27 06:40:49 174 --sha-w- c:\program files\desktop.ini
2008-12-27 06:40:49 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-27 11:19:49 1970157 --sha-w- c:\windows\syswow64\dukotova.exe
2010-01-27 11:19:49 0 --sha-w- c:\windows\syswow64\fogiguzu.exe
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\hiwazedo.dll
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\jidewojo.dll
2010-01-26 23:19:21 1970157 --sha-w- c:\windows\syswow64\jumaruri.exe
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\korapulu.dll
2010-01-27 11:19:49 110592 --sha-w- c:\windows\syswow64\zudujogi.exe
2008-01-09 00:30:43 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 15:35:03.74 ===============
Also have Attach.txt saved - will be zipped and posted upon request.
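The lines a helper would pull out of the Pseudo HJT Report above are the persistence hooks: the Winlogon Shell pointing at ccmain.exe under AppData, the Run keys launching from the temp folder, the lsass.exe lookalike under AppData\Roaming\SystemProc, the Run entries that go through rundll32/regsvr32 with a bare DLL name, filenames such as "qttask .exe" with a space before the extension sitting beside the real program, the EnableLUA=0 and DisableTaskMgr=1 policies, the AppInit_DLLs and LSA Notification Packages entries both naming hiwazedo.dll, and the IFEO entries that redirect the Defender/MSE binaries (MpCmdRun.exe, MSASCui.exe, MsMpEng.exe, msseces.exe) to svchost.exe. The script below is an added example, not part of the original post and not part of the DDS tool: it parses that text format and flags those categories automatically. The sample input is constructed from lines of the log above (a few benign entries included for contrast); the rules, reason strings and allowlists (for instance, only scecli in LSA Notification Packages on a client machine) are the example's own assumptions.

```python
"""Triage the persistence lines of a DDS "Pseudo HJT Report" (added example,
not part of the original post or of the DDS tool; rules are assumptions)."""
import ntpath
import re

# Process names malware borrows so it blends into Task Manager.
SYSTEM_LOOKALIKES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                     "services.exe", "smss.exe", "wininit.exe"}
# (policy, value) pairs that switch a defence off.
BAD_POLICY = {("EnableLUA", "0"), ("PromptOnSecureDesktop", "0"),
              ("DisableTaskMgr", "1"), ("DisableRegistryTools", "1")}
# Only scecli belongs in LSA Notification Packages on a client machine
# (domain controllers legitimately add more; widen the allowlist there).
LSA_ALLOW = {"scecli"}
# Proxy loaders: the payload is the DLL argument, not the EXE itself.
LOADERS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe"}

RUN_RE = re.compile(r"^\w*Run(?:Once)?: \[[^\]]*\](?: (?P<cmd>.*))?$", re.I)
WINLOGON_RE = re.compile(r"^[um]Winlogon: (?P<key>Shell|Userinit)=(?P<val>.*)$")
POLICY_RE = re.compile(r"^mPolicies-\w+: (?P<key>\w+) = (?P<val>\d+)")
IFEO_RE = re.compile(r"^IFEO: (?P<target>\S+) - (?P<debugger>.*)$")

# Constructed sample: lines copied from the log above, benign ones included.
SAMPLE = r"""
mWinlogon: Userinit=c:\windows\systemnative\userinit.exe,
uWinlogon: Shell=c:\users\user 1\appdata\roaming\ccommander\ccmain.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [sysmon64x.exe] c:\users\user1~1\appdata\local\temp\SYSMON64X.EXE
uRun: [RTHDBPL] c:\users\user 1\appdata\roaming\systemproc\lsass.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\qttask .exe" -atboottime
mRun: [nujuzugide] Rundll32.exe "jidewojo.dll",s
mRun: [vsvoczrnnqhsbpb] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\pxdbmdsqgpfnqf.dll"
mExplorerRun: [9xsl] c:\users\user1~1\appdata\local\temp\77wi.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
AppInit_DLLs: hiwazedo.dll
LSA: Notification Packages = scecli hiwazedo.dll
IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
"""


def image_path(cmd):
    """Executable of a Run value: quoted path, else unquoted path up to the
    first executable extension (DDS prints paths with spaces unquoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|scr|bat|cmd|com|pif))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def check_run(cmd):
    """Reason string for a suspicious Run/RunOnce command, else None."""
    if not cmd:                      # "mRun: [<NO NAME>]" launches nothing
        return None
    path = image_path(cmd)
    base = ntpath.basename(path).lower()
    if base in LOADERS:
        return "Run entry uses a rundll32/regsvr32 loader; inspect the DLL it loads"
    if re.search(r"\s\.\w+$", base):  # "qttask .exe" sits beside qttask.exe
        return "Run entry has a space before the extension (companion-file trick)"
    if "\\temp\\" in path.lower():
        return "Run entry launches from a temp directory"
    if base in SYSTEM_LOOKALIKES and not path.lower().startswith("c:\\windows\\"):
        return "Run entry borrows a system-process name outside the Windows directory"
    return None


def triage(report):
    """Return [(line, reason)] for every suspicious line of the HJT section."""
    findings = []
    for line in report.splitlines():
        line, reason = line.rstrip(), None
        if m := RUN_RE.match(line):
            reason = check_run(m.group("cmd"))
        elif m := WINLOGON_RE.match(line):
            want = "explorer.exe" if m.group("key") == "Shell" else "userinit.exe"
            names = [ntpath.basename(e.strip()).lower()
                     for e in m.group("val").split(",") if e.strip()]
            if any(n != want for n in names):
                reason = f"Winlogon {m.group('key')} replaced (expected {want})"
        elif m := POLICY_RE.match(line):
            if (m.group("key"), m.group("val")) in BAD_POLICY:
                reason = f"policy {m.group('key')}={m.group('val')} disables a defence"
        elif line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
            reason = "AppInit_DLLs set: DLL injected into every process that loads user32"
        elif line.startswith("LSA: Notification Packages"):
            extra = set(line.split("=", 1)[1].split()) - LSA_ALLOW
            if extra:
                reason = "non-standard LSA notification package: " + " ".join(sorted(extra))
        elif m := IFEO_RE.match(line):
            reason = f"IFEO debugger hijack: {m.group('target')} -> {m.group('debugger')}"
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE):
        print(f"{reason}\n    {line}")
```

Run it as-is to see the thirteen flagged lines, or feed it the whole Pseudo HJT Report via `triage(open("dds.txt").read())`. The IFEO rule flags every Debugger entry on purpose: a debugger value is almost never legitimate on a home machine, and one that points an anti-malware binary at svchost.exe is the classic way a rogue keeps the real scanner from ever starting. The Userinit line is left alone because DDS on 64-bit Windows reports the 32-bit view of the path (the `systemnative` alias) for a normal userinit.exe.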
IE: Convert to Adobe PDF - c:\program files (x86)\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: hiwazedo.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
SEH: ShellObj Class: {f552dde6-2090-4bf4-b924-6141e87789a5} - c:\progra~2\greatis\regrun~1\RRSHELL.DLL
LSA: Notification Packages = scecli hiwazedo.dll
IFEO: MpCmdRun.exe - c:\windows\system32\svchost.exe
IFEO: MSASCui.exe - c:\windows\system32\svchost.exe
IFEO: MsMpEng.exe - c:\windows\system32\svchost.exe
IFEO: msseces.exe - c:\windows\system32\svchost.exe
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\user1~1\appdata\roaming\mozilla\firefox\profiles\kuky3h7i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files (x86)\mozilla firefox\components\ffxShot.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\user 1\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\user 1\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\user 1\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Adobe Flash Plugin: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-4-26 218056]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 89680]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-26 22096]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-26 64592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-26 138680]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware doctor\bdt\BDTUpdateService.exe [2010-4-26 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-4-26 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2010-4-26 1141712]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-26 352920]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-6-27 399360]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk60x64.sys [2007-12-6 391680]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athrxu6.sys [2007-7-5 1041920]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-27 27648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 40464]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-12-27 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
=============== Created Last 30 ================
2010-04-27 00:24:41 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-27 00:24:40 882 ----a-w- c:\windows\RegSDImport.xml
2010-04-27 00:24:40 879 ----a-w- c:\windows\RegISSImport.xml
2010-04-27 00:24:40 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-27 00:24:40 131 ----a-w- c:\windows\IDB.zip
2010-04-27 00:24:40 1152444 ----a-w- c:\windows\UDB.zip
2010-04-27 00:24:39 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-27 00:24:39 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-27 00:24:39 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-04-27 00:18:07 7357 ----a-w- c:\windows\system32\drivers\pctgntdi64.cat
2010-04-27 00:18:07 306648 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2010-04-27 00:18:07 133072 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2010-04-27 00:18:04 7353 ----a-w- c:\windows\system32\drivers\pctcore64.cat
2010-04-27 00:18:04 218056 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2010-04-27 00:17:59 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2010-04-27 00:17:59 7353 ----a-w- c:\windows\system32\drivers\pctplsg64.cat
2010-04-27 00:17:52 0 d-----w- c:\users\user1~1\appdata\roaming\PC Tools
2010-04-27 00:17:52 0 d-----w- c:\programdata\PC Tools
2010-04-27 00:17:52 0 d-----w- c:\program files (x86)\Spyware Doctor
2010-04-27 00:17:52 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-04-26 23:31:52 0 d-----w- c:\windows\RestoreSafeDeleted
2010-04-26 23:30:15 535 ----a-w- c:\windows\syswow64\Partizan.RRI
2010-04-26 23:27:00 0 d-sh--r- C:\desktop.ini
2010-04-26 23:27:00 0 d-sh--r- C:\comment.htt
2010-04-26 23:27:00 0 d-sh--r- C:\autorun.inf
2010-04-26 23:26:42 2 --shatr- c:\windows\winstart.bat
2010-04-26 23:26:42 2 --shatr- c:\windows\syswow64\AUTOEXEC.NT
2010-04-26 23:26:22 37600 ----a-w- c:\windows\syswow64\Partizan.exe
2010-04-26 23:25:20 57556 ----a-w- c:\windows\guard.bmp
2010-04-26 23:25:20 36864 ----a-w- c:\windows\winbait.exe
2010-04-26 23:25:20 20192 ----a-w- c:\windows\WinBait.org
2010-04-26 23:25:20 20192 ----a-w- c:\windows\winbait .exe
2010-04-26 23:25:20 1385184 ----a-w- c:\windows\RunGuard.exe
2010-04-26 23:25:12 0 d-----w- c:\program files (x86)\Greatis
2010-04-26 23:19:26 0 d-----w- c:\users\user1~1\appdata\roaming\CCommander
2010-04-26 23:19:24 0 d-sh--w- c:\users\user1~1\appdata\roaming\SystemProc
2010-04-26 23:17:18 0 d-----w- c:\program files (x86)\Digital Protection
2010-04-26 23:16:16 317440 ----a-w- c:\windows\syswow64\cooper.mine
2010-04-26 23:14:34 36864 ----a-w- c:\windows\syswow64\READER_S.del
2010-04-26 23:14:07 0 d-----w- c:\users\user1~1\appdata\roaming\APManager
2010-04-26 23:14:04 50990 ----a-w- c:\windows\syswow64\eqpcpcyydhhaueen.exe
2010-04-26 23:14:01 0 d-----w- c:\program files (x86)\ezLife
2010-04-26 23:13:50 162304 ----a-w- c:\windows\Dgynoa.exe
2010-04-26 23:13:48 0 d-----w- c:\users\user1~1\appdata\roaming\57FEB2771E017424312E3F6F5A51A206
2010-04-25 06:30:22 0 d-----w- c:\programdata\DivX
2010-04-21 11:55:32 299008 ----a-w- c:\windows\syswow64\yebkdlmo.dll
2010-04-21 11:55:04 319488 ----a-w- c:\windows\syswow64\omjjxlpq.dll
2010-04-15 10:58:44 384512 ----a-w- c:\windows\syswow64\_pxdbmdsqgpfnqf.dll
2010-04-15 10:58:44 381952 ----a-w- c:\windows\syswow64\pxdbmdsqgpfnqf.dll
2010-04-15 07:03:15 1427336 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 07:03:13 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 07:03:13 225280 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 07:03:01 273920 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 07:03:01 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 07:03:00 106496 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 07:02:57 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 07:02:37 602624 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 07:02:37 430080 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-15 07:02:36 72192 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-15 07:02:36 62464 ----a-w- c:\windows\syswow64\l3codeca.acm
2010-04-15 07:02:36 220672 ----a-w- c:\windows\syswow64\l3codecp.acm
2010-04-15 07:02:36 181760 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 16:41:10 218624 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:41:10 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-14 16:41:09 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-14 16:41:09 104960 ----a-w- c:\windows\system32\cabview.dll
2010-04-05 17:50:09 0 d-----w- c:\program files\iPod
2010-04-05 17:50:08 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-04-05 17:50:08 0 d-----w- c:\program files\iTunes
2010-04-05 17:50:08 0 d-----w- c:\program files (x86)\iTunes
2010-04-05 17:45:44 0 d-----w- c:\program files\Bonjour
2010-03-31 01:58:24 353592 ----a-w- c:\windows\syswow64\DivXControlPanelApplet.cpl
==================== Find3M ====================
2010-04-27 19:01:37 66702 ----a-w- c:\programdata\nvModes.dat
2010-04-05 17:46:12 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-05 17:46:12 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-05 17:46:12 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-11 21:36:51 133712 ----a-w- c:\windows\War3Unin.dat
2010-03-09 16:50:32 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-03-09 16:07:05 1032192 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 15:42:17 834048 ----a-w- c:\windows\syswow64\wininet.dll
2010-03-09 15:42:08 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2010-03-09 15:40:29 477184 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-03-09 15:40:29 3601920 ----a-w- c:\windows\syswow64\mshtml.dll
2010-03-09 15:39:49 6080000 ----a-w- c:\windows\syswow64\ieframe.dll
2010-03-09 15:39:49 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-03-09 15:39:49 180736 ----a-w- c:\windows\syswow64\ieui.dll
2010-03-09 15:39:47 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-02-24 14:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:15:56 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:14:20 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 23:06:41 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2010-02-12 16:01:24 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:01:24 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2009-11-17 09:14:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-12-27 06:40:49 174 --sha-w- c:\program files\desktop.ini
2008-12-27 06:40:49 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-27 11:19:49 1970157 --sha-w- c:\windows\syswow64\dukotova.exe
2010-01-27 11:19:49 0 --sha-w- c:\windows\syswow64\fogiguzu.exe
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\hiwazedo.dll
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\jidewojo.dll
2010-01-26 23:19:21 1970157 --sha-w- c:\windows\syswow64\jumaruri.exe
2010-01-26 23:13:48 127488 --sha-w- c:\windows\syswow64\korapulu.dll
2010-01-27 11:19:49 110592 --sha-w- c:\windows\syswow64\zudujogi.exe
2008-01-09 00:30:43 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 15:35:03.74 ===============
Also have Attach.txt saved - will be zipped and posted upon request.