bfhsteelers
Hello,
I noticed my kids' computer is running very slow and I have begun the 4 step process that you have graciously posted.
The computer is an old Dell Dimension E310, running Windows XP - Service Pack 3.
I also noticed that it is missing System Tools and Administrative tools.
Please help, and forgive me if I am missing info; I will get back to you with all that I can.
Thanks.
Brian
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.09.15.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Romy :: ROMY-890356A1D7 [administrator]
Protection: Enabled
9/15/2013 5:34:15 PM
mbam-log-2013-09-15 (17-34-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271177
Time elapsed: 38 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
E:\Documents and Settings\Romy\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\Application Data\OpenCandy\OpenCandy_9FC1C76B366B47BD870DED640F7CBACA (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
Files Detected: 11
E:\Documents and Settings\Romy\Application Data\OpenCandy\OpenCandy_9FC1C76B366B47BD870DED640F7CBACA\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\My Documents\Downloads\frostwire-4.21.8.windows(2).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\My Documents\Downloads\frostwire-4.21.8.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\My Documents\Downloads\frostwire-5.0.7.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\My Documents\Downloads\RecipesSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\My Documents\Downloads\tightbackgrounds.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\Local Settings\Temporary Internet Files\Content.IE5\1MNR2WHK\7zip_bimo_2799[1].exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\Application Data\OpenCandy\OpenCandy_9FC1C76B366B47BD870DED640F7CBACA\2224.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\Application Data\OpenCandy\OpenCandy_9FC1C76B366B47BD870DED640F7CBACA\IE8-WindowsXP-x86-ENU.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
E:\Documents and Settings\Romy\Application Data\OpenCandy\OpenCandy_9FC1C76B366B47BD870DED640F7CBACA\IE8-WindowsXP-x86-ENU_wp5v1.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_38
Run by Romy at 18:42:17 on 2013-09-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1170 [GMT -7:00]
.
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled*
.
============== Running Processes ================
.
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\eHome\ehRecvr.exe
E:\WINDOWS\eHome\ehSched.exe
E:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
E:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
E:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\Program Files\Verizon\VSP\ServicepointService.exe
E:\WINDOWS\ehome\mcrdsvc.exe
E:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
E:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\ehome\ehtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
E:\WINDOWS\eHome\ehmsas.exe
E:\Program Files\Verizon\VSP\VerizonServicepoint.exe
E:\Program Files\McAfee.com\Agent\mcagent.exe
E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
E:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Ask.com\Updater\Updater.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
E:\Program Files\lg_fwupdate\fwupdate.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZKfox000&ptb=0DSgb8RN5kZgdzCsYnrcJA
uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - e:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\program files\common files\mcafee\systemcore\ScriptSn.20120703121733.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - e:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - e:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - e:\program files\ask.com\GenericAskToolbar.dll
uRun: [MSMSGS] "e:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "e:\documents and settings\romy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
mRun: [ehTray] e:\windows\ehome\ehtray.exe
mRun: [RoxWatchTray] "e:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [igfxtray] e:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] e:\windows\system32\hkcmd.exe
mRun: [igfxpers] e:\windows\system32\igfxpers.exe
mRun: [HPDJ Taskbar Utility] e:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [AppleSyncNotifier] e:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [VerizonServicepoint.exe] "e:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [mcui_exe] "e:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [CLMLServer] "e:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateLBPShortCut] "e:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "e:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "e:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "e:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "e:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UCam_Menu] "e:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "e:\program files\lg_fwupdate\lgfw.exe" blrun
mRun: [UpdatePSTShortCut] "e:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [ApnUpdater] "e:\program files\ask.com\updater\Updater.exe"
mRun: [vaqsQJTNJWdMqPG.exe] e:\documents and settings\all users\application data\vaqsQJTNJWdMqPG.exe
mRun: [APSDaemon] "e:\program files\common files\apple\apple application support\APSDaemon.exe"
dRunOnce: [FlashPlayerUpdate] e:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
StartupFolder: e:\docume~1\romy\startm~1\programs\startup\limewi~1.lnk - e:\program files\limewire\LimeWire.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A3170E45-BCD4-4E01-A5D1-CDCC33934418} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - e:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;e:\windows\system32\drivers\mfehidk.sys [2010-9-23 565888]
R1 mfetdi2k;McAfee Inc. mfetdi2k;e:\windows\system32\drivers\mfetdi2k.sys [2010-9-23 91640]
R2 IHA_MessageCenter;IHA_MessageCenter;e:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 346696]
R2 MBAMScheduler;MBAMScheduler;e:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-15 418376]
R2 MBAMService;MBAMService;e:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-15 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McProxy;McAfee Proxy Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McrdSvc;Media Center Extender Service;e:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;e:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-23 203840]
R2 mfefire;McAfee Firewall Core Service;e:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-23 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;e:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-23 172416]
R2 ServicepointService;ServicepointService;e:\program files\verizon\vsp\ServicepointService.exe [2010-9-15 689392]
R3 cfwids;McAfee Inc. cfwids;e:\windows\system32\drivers\cfwids.sys [2010-9-23 60920]
R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2013-9-15 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;e:\windows\system32\drivers\mfeavfk.sys [2010-9-23 235264]
R3 mfefirek;McAfee Inc. mfefirek;e:\windows\system32\drivers\mfefirek.sys [2010-9-23 363080]
R3 mfendiskmp;mfendiskmp;e:\windows\system32\drivers\mfendisk.sys [2013-3-6 84904]
S2 avg7rsw;Qmofiltr;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 ccsetmgr;Penclass;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 lfsfilt;Djsnetcn;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mcafeeantispyware;Rt61;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mks_scan;BRCMDECO;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mksupdateint;Ipahelper.exe;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 MpFilter;Ftpqueue;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 pav_service;W8100PCI;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 pavsrv;Rvscc;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 PEVSystemStart;DSDrv4;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 RalinkRegistryWriter;Thkeys;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 RoxLiveShare10;LiveShare P2P Server 10;e:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;e:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;e:\docume~1\romy\locals~1\temp\dx9\sessionlauncher.exe --> e:\docume~1\romy\locals~1\temp\dx9\SessionLauncher.exe [?]
S2 veteboot;Dnwhodisp;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 webrootadminconsole;StkScan;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S3 HipShieldK;McAfee Inc. HipShieldK;e:\windows\system32\drivers\HipShieldK.sys [2012-12-28 146872]
S3 mfebopk;McAfee Inc. mfebopk;e:\windows\system32\drivers\mfebopk.sys [2010-9-23 65928]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;e:\windows\system32\drivers\mfendisk.sys [2013-3-6 84904]
S3 mferkdet;McAfee Inc. mferkdet;e:\windows\system32\drivers\mferkdet.sys [2010-9-23 92632]
S3 RoxMediaDB10;RoxMediaDB10;e:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S4 McOobeSv;McAfee OOBE Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
.
=============== Created Last 30 ================
.
2013-09-16 00:24:53 -------- d-----w- e:\documents and settings\romy\application data\Malwarebytes
2013-09-16 00:24:36 -------- d-----w- e:\documents and settings\all users\application data\Malwarebytes
2013-09-16 00:24:33 22856 ----a-w- e:\windows\system32\drivers\mbam.sys
2013-09-16 00:24:33 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2013-09-15 23:20:27 -------- d-----w- e:\windows\pss
.
==================== Find3M ====================
.
2013-09-15 23:45:44 71048 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 23:45:44 692616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 18:43:33.25 ===============
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_38
Run by Romy at 18:42:17 on 2013-09-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1170 [GMT -7:00]
.
AV: Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Firewall *Enabled*
.
============== Running Processes ================
.
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\eHome\ehRecvr.exe
E:\WINDOWS\eHome\ehSched.exe
E:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
E:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
E:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
E:\Program Files\CyberLink\Shared Files\RichVideo.exe
E:\Program Files\Verizon\VSP\ServicepointService.exe
E:\WINDOWS\ehome\mcrdsvc.exe
E:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
E:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\ehome\ehtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxpers.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
E:\WINDOWS\eHome\ehmsas.exe
E:\Program Files\Verizon\VSP\VerizonServicepoint.exe
E:\Program Files\McAfee.com\Agent\mcagent.exe
E:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
E:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Ask.com\Updater\Updater.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
E:\Program Files\lg_fwupdate\fwupdate.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k NetworkService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k LocalService
E:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZKfox000&ptb=0DSgb8RN5kZgdzCsYnrcJA
uURLSearchHooks: {00A6FAF6-072E-44cf-8957-5838F569A31D} - <orphaned>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - e:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - e:\program files\common files\mcafee\systemcore\ScriptSn.20120703121733.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - e:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - e:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - e:\program files\ask.com\GenericAskToolbar.dll
uRun: [MSMSGS] "e:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "e:\documents and settings\romy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
mRun: [ehTray] e:\windows\ehome\ehtray.exe
mRun: [RoxWatchTray] "e:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [igfxtray] e:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] e:\windows\system32\hkcmd.exe
mRun: [igfxpers] e:\windows\system32\igfxpers.exe
mRun: [HPDJ Taskbar Utility] e:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
mRun: [AppleSyncNotifier] e:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [VerizonServicepoint.exe] "e:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [mcui_exe] "e:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [CLMLServer] "e:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateLBPShortCut] "e:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "e:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [RemoteControl8] "e:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "e:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "e:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UCam_Menu] "e:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "e:\program files\lg_fwupdate\lgfw.exe" blrun
mRun: [UpdatePSTShortCut] "e:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [ApnUpdater] "e:\program files\ask.com\updater\Updater.exe"
mRun: [vaqsQJTNJWdMqPG.exe] e:\documents and settings\all users\application data\vaqsQJTNJWdMqPG.exe
mRun: [APSDaemon] "e:\program files\common files\apple\apple application support\APSDaemon.exe"
dRunOnce: [FlashPlayerUpdate] e:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
StartupFolder: e:\docume~1\romy\startm~1\programs\startup\limewi~1.lnk - e:\program files\limewire\LimeWire.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A3170E45-BCD4-4E01-A5D1-CDCC33934418} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - e:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;e:\windows\system32\drivers\mfehidk.sys [2010-9-23 565888]
R1 mfetdi2k;McAfee Inc. mfetdi2k;e:\windows\system32\drivers\mfetdi2k.sys [2010-9-23 91640]
R2 IHA_MessageCenter;IHA_MessageCenter;e:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 346696]
R2 MBAMScheduler;MBAMScheduler;e:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-15 418376]
R2 MBAMService;MBAMService;e:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-15 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McProxy;McAfee Proxy Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McrdSvc;Media Center Extender Service;e:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;e:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-23 203840]
R2 mfefire;McAfee Firewall Core Service;e:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-23 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;e:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-23 172416]
R2 ServicepointService;ServicepointService;e:\program files\verizon\vsp\ServicepointService.exe [2010-9-15 689392]
R3 cfwids;McAfee Inc. cfwids;e:\windows\system32\drivers\cfwids.sys [2010-9-23 60920]
R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2013-9-15 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;e:\windows\system32\drivers\mfeavfk.sys [2010-9-23 235264]
R3 mfefirek;McAfee Inc. mfefirek;e:\windows\system32\drivers\mfefirek.sys [2010-9-23 363080]
R3 mfendiskmp;mfendiskmp;e:\windows\system32\drivers\mfendisk.sys [2013-3-6 84904]
S2 avg7rsw;Qmofiltr;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 ccsetmgr;Penclass;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 lfsfilt;Djsnetcn;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mcafeeantispyware;Rt61;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mks_scan;BRCMDECO;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mksupdateint;Ipahelper.exe;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 MpFilter;Ftpqueue;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 pav_service;W8100PCI;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 pavsrv;Rvscc;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 PEVSystemStart;DSDrv4;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 RalinkRegistryWriter;Thkeys;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 RoxLiveShare10;LiveShare P2P Server 10;e:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;e:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;e:\docume~1\romy\locals~1\temp\dx9\sessionlauncher.exe --> e:\docume~1\romy\locals~1\temp\dx9\SessionLauncher.exe [?]
S2 veteboot;Dnwhodisp;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 webrootadminconsole;StkScan;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S3 HipShieldK;McAfee Inc. HipShieldK;e:\windows\system32\drivers\HipShieldK.sys [2012-12-28 146872]
S3 mfebopk;McAfee Inc. mfebopk;e:\windows\system32\drivers\mfebopk.sys [2010-9-23 65928]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;e:\windows\system32\drivers\mfendisk.sys [2013-3-6 84904]
S3 mferkdet;McAfee Inc. mferkdet;e:\windows\system32\drivers\mferkdet.sys [2010-9-23 92632]
S3 RoxMediaDB10;RoxMediaDB10;e:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S4 McOobeSv;McAfee OOBE Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
.
=============== Created Last 30 ================
.
2013-09-16 00:24:53 -------- d-----w- e:\documents and settings\romy\application data\Malwarebytes
2013-09-16 00:24:36 -------- d-----w- e:\documents and settings\all users\application data\Malwarebytes
2013-09-16 00:24:33 22856 ----a-w- e:\windows\system32\drivers\mbam.sys
2013-09-16 00:24:33 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2013-09-15 23:20:27 -------- d-----w- e:\windows\pss
.
==================== Find3M ====================
.
2013-09-15 23:45:44 71048 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 23:45:44 692616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 18:43:33.25 ===============
mRun: [UpdatePPShortCut] "e:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UCam_Menu] "e:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "e:\program files\lg_fwupdate\lgfw.exe" blrun
mRun: [UpdatePSTShortCut] "e:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [QuickTime Task] "e:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [ApnUpdater] "e:\program files\ask.com\updater\Updater.exe"
mRun: [vaqsQJTNJWdMqPG.exe] e:\documents and settings\all users\application data\vaqsQJTNJWdMqPG.exe
mRun: [APSDaemon] "e:\program files\common files\apple\apple application support\APSDaemon.exe"
dRunOnce: [FlashPlayerUpdate] e:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
StartupFolder: e:\docume~1\romy\startm~1\programs\startup\limewi~1.lnk - e:\program files\limewire\LimeWire.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A3170E45-BCD4-4E01-A5D1-CDCC33934418} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - e:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - e:\program files\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;e:\windows\system32\drivers\mfehidk.sys [2010-9-23 565888]
R1 mfetdi2k;McAfee Inc. mfetdi2k;e:\windows\system32\drivers\mfetdi2k.sys [2010-9-23 91640]
R2 IHA_MessageCenter;IHA_MessageCenter;e:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-12-12 346696]
R2 MBAMScheduler;MBAMScheduler;e:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-9-15 418376]
R2 MBAMService;MBAMService;e:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-9-15 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McMPFSvc;McAfee Personal Firewall Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McNaiAnn;McAfee VirusScan Announcer;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McProxy;McAfee Proxy Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
R2 McrdSvc;Media Center Extender Service;e:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee McShield;e:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-23 203840]
R2 mfefire;McAfee Firewall Core Service;e:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-23 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;e:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-23 172416]
R2 ServicepointService;ServicepointService;e:\program files\verizon\vsp\ServicepointService.exe [2010-9-15 689392]
R3 cfwids;McAfee Inc. cfwids;e:\windows\system32\drivers\cfwids.sys [2010-9-23 60920]
R3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2013-9-15 22856]
R3 mfeavfk;McAfee Inc. mfeavfk;e:\windows\system32\drivers\mfeavfk.sys [2010-9-23 235264]
R3 mfefirek;McAfee Inc. mfefirek;e:\windows\system32\drivers\mfefirek.sys [2010-9-23 363080]
R3 mfendiskmp;mfendiskmp;e:\windows\system32\drivers\mfendisk.sys [2013-3-6 84904]
S2 avg7rsw;Qmofiltr;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 ccsetmgr;Penclass;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 lfsfilt;Djsnetcn;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mcafeeantispyware;Rt61;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mks_scan;BRCMDECO;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 mksupdateint;Ipahelper.exe;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 MpFilter;Ftpqueue;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 pav_service;W8100PCI;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 pavsrv;Rvscc;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 PEVSystemStart;DSDrv4;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 RalinkRegistryWriter;Thkeys;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 RoxLiveShare10;LiveShare P2P Server 10;e:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;e:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2008-5-14 166384]
S2 SessionLauncher;SessionLauncher;e:\docume~1\romy\locals~1\temp\dx9\sessionlauncher.exe --> e:\docume~1\romy\locals~1\temp\dx9\SessionLauncher.exe [?]
S2 veteboot;Dnwhodisp;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S2 webrootadminconsole;StkScan;e:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S3 HipShieldK;McAfee Inc. HipShieldK;e:\windows\system32\drivers\HipShieldK.sys [2012-12-28 146872]
S3 mfebopk;McAfee Inc. mfebopk;e:\windows\system32\drivers\mfebopk.sys [2010-9-23 65928]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;e:\windows\system32\drivers\mfendisk.sys [2013-3-6 84904]
S3 mferkdet;McAfee Inc. mferkdet;e:\windows\system32\drivers\mferkdet.sys [2010-9-23 92632]
S3 RoxMediaDB10;RoxMediaDB10;e:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-5-14 1120752]
S4 McOobeSv;McAfee OOBE Service;e:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-23 167784]
.
=============== Created Last 30 ================
.
2013-09-16 00:24:53 -------- d-----w- e:\documents and settings\romy\application data\Malwarebytes
2013-09-16 00:24:36 -------- d-----w- e:\documents and settings\all users\application data\Malwarebytes
2013-09-16 00:24:33 22856 ----a-w- e:\windows\system32\drivers\mbam.sys
2013-09-16 00:24:33 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2013-09-15 23:20:27 -------- d-----w- e:\windows\pss
.
==================== Find3M ====================
.
2013-09-15 23:45:44 71048 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-15 23:45:44 692616 ----a-w- e:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 18:43:33.25 ===============