Steelhead99
Please forgive me if I am doing this wrong. If so, my ignorance is not willful. I am VERY nontechnical, but I THINK that I was able to properly follow the 7 preliminary steps. I see that the instructions appear to ask us to PASTE the logs, but others seem to have attached them. I will paste as instructed and hope that I have not fouled up. Here they are in the sequence they were run ...
1) Ran quick scan and then full scan with Microsoft Security Essentials ... no viruses found.
2) Mbam-log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6634
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048
5/21/2011 5:31:51 PM
mbam-log-2011-05-21 (17-31-51).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 409406
Time elapsed: 2 hour(s), 7 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
3) GMER
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-22 22:09:05
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST9200827AS rev.3.BHA
Running: yjfc4lwx.exe; Driver: C:\Users\GHMonroe\AppData\Local\Temp\aftyrkog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
4) DDS.txt
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_25
Run by GHMonroe at 22:21:59 on 2011-05-22
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1353 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atashost.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\NaturalSoft\naturalreader9\NaturalReader9.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Users\GHMonroe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\GHMonroe\Downloads\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Show Naturalreader Bar: {127ad70f-b2b7-4f6a-acd9-c7b1fe48c8c0} - c:\windows\system32\MsiExec.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} -
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} -
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Dogpile Toolbar: {a057a204-bacc-4d26-889e-3db98de17499} - c:\progra~1\dogpil~1\DOGPIL~1.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Dogpile Toolbar: {a057a204-bacc-4d26-889e-3db98de17499} - c:\progra~1\dogpil~1\DOGPIL~1.DLL
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Naturalsoft IE Bar V9: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\users\ghmonroe\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [Google Update] "c:\users\ghmonroe\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon]
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [1A:Stardock TrayMonitor]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Philips Device Listener] "c:\program files\philips\philips songbird resources\autolauncher\PhilipsDeviceListener.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunServices: [1A:Stardock TrayMonitor]
StartupFolder: c:\users\ghmonroe\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\ghmonroe\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-g notebook adapter\Startup.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Dogpile Search - file://c:\users\ghmonroe\appdata\locallow\dogpiletbar\SelectedContextSearch_Dogpile Search.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ghmonroe\appdata\roaming\mozilla\firefox\profiles\ymcl2t3p.default\
FF - prefs.js: browser.search.selectedEngine - DogPile Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.com/Thats-My-Story-G-H-Monroe/dp/0615229921/ref=sr_1_2?ie=UTF8&s=books&qid=1224754889&sr=1-2
FF - prefs.js: network.proxy.ftp - 180.249.59.205:3128
FF - prefs.js: network.proxy.gopher - 180.249.59.205:3128
FF - prefs.js: network.proxy.http - 180.249.59.205:3128
FF - prefs.js: network.proxy.socks - 180.249.59.205:3128
FF - prefs.js: network.proxy.ssl - 180.249.59.205:3128
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ghmonroe\appdata\local\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\users\ghmonroe\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\ghmonroe\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ghmonroe\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - c:\programdata\iwin games\firefox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]
R1 MpKsl02ab3d5c;MpKsl02ab3d5c;c:\programdata\microsoft\microsoft antimalware\definition updates\{697d3912-8faa-4614-a208-b7170af16e20}\MpKsl02ab3d5c.sys [2011-5-22 28752]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-10-21 20376]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2010-9-2 176408]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-13 1153368]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca35be573a6e90;Google Update Service (gupdate1ca35be573a6e90);c:\program files\google\update\GoogleUpdate.exe [2009-9-15 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-15 133104]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.reg=Regedit.Document
.
=============== Created Last 30 ================
.
2011-05-23 02:11:27 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{697d3912-8faa-4614-a208-b7170af16e20}\MpKsl02ab3d5c.sys
2011-05-23 02:11:23 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{697d3912-8faa-4614-a208-b7170af16e20}\mpengine.dll
2011-05-21 18:28:21 -------- d-----w- c:\users\ghmonroe\appdata\roaming\Malwarebytes
2011-05-21 18:27:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 18:27:48 -------- d-----w- c:\programdata\Malwarebytes
2011-05-21 18:27:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 18:27:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-20 09:58:00 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{35b80a39-2b83-4cd7-9a3e-60890febae83}\gapaengine.dll
2011-05-16 18:46:02 388096 ----a-r- c:\users\ghmonroe\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-16 18:46:00 -------- d-----w- c:\program files\Trend Micro
2011-05-13 12:07:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-13 12:07:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-11 18:50:18 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-10 05:36:49 -------- d-----w- C:\cd14a3323bc8fee482710cdf05b7
2011-05-09 10:01:53 472808 ----a-w- c:\program files\mozilla firefox\plugins\RENB0AD.tmp
2011-04-27 03:22:05 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 03:22:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
.
==================== Find3M ====================
.
2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-28 20:25:20 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2011-03-17 22:29:26 71072 ----a-w- c:\windows\CouponPrinter.ocx
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 12:52:11 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 12:52:04 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 12:51:53 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 12:51:51 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 22:23:23.27 ===============
5) DDS Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/28/2008 4:59:02 AM
System Uptime: 5/18/2011 2:54:15 PM (104 hours ago)
.
Motherboard: Quanta | | 30CF
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 175 GiB total, 53.012 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.988 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 317.035 GiB free.
G: is CDROM (UDF)
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: ADS Instant HDTV PCI
Device ID: ROOT\MEDIA\0000
Manufacturer: ADS Technologies
Name: ADS Instant HDTV PCI
PNP Device ID: ROOT\MEDIA\0000
Service: Ph3xIB32
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP1402: 5/13/2011 7:58:58 AM - Windows Update
RP1403: 5/14/2011 3:00:23 AM - Windows Update
RP1404: 5/14/2011 10:01:53 AM - Windows Update
RP1405: 5/15/2011 3:00:12 AM - Windows Update
RP1406: 5/15/2011 12:39:54 PM - Windows Update
RP1407: 5/16/2011 3:00:12 AM - Windows Update
RP1408: 5/16/2011 7:56:45 AM - Windows Update
RP1409: 5/16/2011 2:45:21 PM - Installed HiJackThis
RP1410: 5/17/2011 3:00:21 AM - Windows Update
RP1411: 5/17/2011 9:14:18 AM - Windows Update
RP1412: 5/18/2011 3:00:23 AM - Windows Update
RP1413: 5/18/2011 5:01:07 PM - Scheduled Checkpoint
RP1414: 5/19/2011 3:00:21 AM - Windows Update
RP1415: 5/19/2011 3:41:59 AM - Windows Update
RP1416: 5/20/2011 3:00:11 AM - Windows Update
RP1417: 5/20/2011 5:56:53 AM - Windows Update
RP1418: 5/21/2011 3:00:12 AM - Windows Update
RP1419: 5/21/2011 1:11:32 PM - Windows Update
RP1420: 5/21/2011 2:56:57 PM - Windows Update
RP1421: 5/22/2011 3:00:13 AM - Windows Update
RP1422: 5/22/2011 1:20:14 PM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
AAC Decoder
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player
AIM 6
Apple Software Update
Applian Director
Ask Toolbar
Atheros Driver Installation Program
Audacity 1.2.6
Audacity 1.3.12 (Unicode)
AudibleManager
AutoHotkey 1.0.47.06
AutoUpdate
BN eReader
CamStudio
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Coupon Printer for Windows
CyberLink YouCam
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DJ_AIO_06_F4500_SW_MIN
Dogpile Toolbar
Dragon NaturallySpeaking 10
Dropbox
DVD Suite
DVDFab 6.0.7.0 (18/09/2009)
EA Link
FamilyFeudOnlineParty (remove only)
Free Mp3 Wma Converter V 1.7.3
Free NaturalReader
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Google Updater
H.264 Decoder
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
ImagePrinter 2.0.1
iWin Games (remove only)
Java Auto Updater
Java(TM) 6 Update 25
Junk Mail filter update
KateVoice
LabelPrint
LAME v3.98.3 for Audacity
LightScribe System Software 1.10.19.1
Linksys Bi-Admin
Malwarebytes' Anti-Malware
ManyCam 2.5.74 (remove only)
Memorex exPressit Label Design Studio
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2000 Premium
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Visio Professional 2003
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Works
MKV Splitter
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NaturalReader9
NetWaiting
Network
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
Odyssey Client
OGA Notifier 2.0.0048.0
Olympus Digital Wave Player
OpenOffice.org 2.4
OverDrive Media Console
Paint Shop Pro 4.15 SE
Paint.NET v3.36
PaulVoice
Philips Songbird
Power2Go
PowerDirector
Print Server Driver
PSSWCORE
Quicken WillMaker Plus 2009
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek High Definition Audio Driver
Replay Music
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Sayz Me
Scan
Seagate Manager Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SimpleOCR 3.1
Skype™ 4.2
Slingbox Flash Tour
SlingPlayer
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TBS WMP Plug-in
The Sims™ Life Stories
The Weather Channel Desktop 6
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
Visual C++ Runtime for Dragon NaturallySpeaking
WD SmartWare
WeatherBug Gadget
WebEx Support Manager for Internet Explorer
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Wireless-G Notebook Adapter
Yahoo! BrowserPlus 2.9.8
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yeosoft Text to MP3 Speaker 5.1.2
.
==== Event Viewer Messages From Past Week ========
.
5/18/2011 2:54:44 PM, Error: EventLog [6008] - The previous system shutdown at 2:37:33 PM on 5/18/2011 was unexpected.
5/18/2011 12:23:32 PM, Error: EventLog [6008] - The previous system shutdown at 11:18:37 AM on 5/18/2011 was unexpected.
5/18/2011 11:02:09 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\c:\users\oz\AppData\Local\Microsoft\Windows\usrclass.dat' was corrupted and it has been recovered. Some data might have been lost.
5/18/2011 10:53:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1875.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
5/18/2011 10:53:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1875.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
5/18/2011 10:53:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.40 for the Network Card with network address 00226980BE6A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/16/2011 9:17:05 PM, Error: EventLog [6008] - The previous system shutdown at 9:08:21 PM on 5/16/2011 was unexpected.
5/16/2011 8:49:41 PM, Error: Service Control Manager [7022] - The QuickPlay Background Capture Service (QBCS) service hung on starting.
5/16/2011 8:49:41 PM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/16/2011 8:48:05 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/16/2011 8:47:30 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:28 PM on 5/16/2011 was unexpected.
5/15/2011 3:04:31 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2431831).
5/15/2011 10:10:28 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JWOOD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{44878248-35BE-452D-B502-17545736B. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
I hope that I have followed instructions correctly.
5/18/2011 10:53:50 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.103.1875.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6802.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
5/18/2011 10:53:49 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.40 for the Network Card with network address 00226980BE6A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/16/2011 9:17:05 PM, Error: EventLog [6008] - The previous system shutdown at 9:08:21 PM on 5/16/2011 was unexpected.
5/16/2011 8:49:41 PM, Error: Service Control Manager [7022] - The QuickPlay Background Capture Service (QBCS) service hung on starting.
5/16/2011 8:49:41 PM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/16/2011 8:48:05 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/16/2011 8:47:30 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:28 PM on 5/16/2011 was unexpected.
5/15/2011 3:04:31 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2431831).
5/15/2011 10:10:28 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer JWOOD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{44878248-35BE-452D-B502-17545736B. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
I hope that I have followed instructions correctly.