I opened an email from a friend and got a weird feeling right away. Sure enough, my computer started running very slow. I have followed your 8 steps. Please provide some advice. Thank you.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5131
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11/19/2010 10:58:46 PM
mbam-log-2010-11-19 (22-58-46).txt
Scan type: Quick scan
Objects scanned: 154333
Time elapsed: 40 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
E:\Documents and Settings\Violet\My Documents\downloads\Guffins.exe (PUP.FunWebProducts) -> No action taken.
E:\RECYCLER\S-1-5-21-1844237615-329068152-682003330-1007\De38.exe (Adware.MyWebSearch) -> No action taken.
-------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-19 23:15:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_STM3320620A rev.3.AAE
Running: ytv0w8ij.exe; Driver: E:\DOCUME~1\BRETTN~1\LOCALS~1\Temp\fxeyyfob.sys
---- System - GMER 1.0.15 ----
Code 86633180 ZwCreateSection
Code 866389A0 ZwDuplicateObject
Code 8655FA08 ZwSetInformationFile
Code 8632F590 ZwSetSystemInformation
Code 862C2620 ZwWriteFile
Code 8663317F NtCreateSection
Code 8663899F NtDuplicateObject
Code 8655FA07 NtSetInformationFile
Code 862C261F NtWriteFile
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device 86629B00
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
---- EOF - GMER 1.0.15 ----
------------------------------------------
DDS (Ver_10-11-10.01) - NTFSx86
Run by Brett Norton at 23:16:07.43 on Fri 11/19/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.153 [GMT -8:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
E:\Program Files\iolo\common\lib\ioloServiceManager.exe
E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\DELLMMKB.EXE
E:\WINDOWS\BCMSMMSG.exe
E:\Program Files\Netropa\OSD.exe
E:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\WINDOWS\system32\msiexec.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Documents and Settings\Brett Norton\My Documents\Downloads\ytv0w8ij.exe
E:\Documents and Settings\Brett Norton\My Documents\Downloads\dds(2).scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [YSearchProtection] e:\program files\yahoo!\search protection\YspService.exe
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [DellTouch] e:\windows\DELLMMKB.EXE
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SMSystemAnalyzer] "e:\program files\iolo\system mechanic 7\SMSystemAnalyzer.exe"
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "e:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - e:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://e:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192073469310
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - e:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap
================= FIREFOX ===================
FF - ProfilePath - e:\docume~1\brettn~1\applic~1\mozilla\firefox\profiles\w7hbpfyg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13
FF - plugin: e:\documents and settings\brett norton\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: e:\documents and settings\brett norton\application data\mozilla\firefox\profiles\w7hbpfyg.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: e:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: e:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2010-11-16 64288]
R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2010-11-19 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2010-11-19 135336]
R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2010-11-19 267944]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2010-11-19 60936]
R2 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-26 566120]
R2 ioloSystemService;iolo System Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2008-1-26 566120]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-22 1375992]
R2 ousbehci;NEC PCI to USB Enhanced Host Controller;e:\windows\system32\drivers\ousbehci.sys [2007-10-11 39040]
R2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;e:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-22 15264]
R3 Msikbd2k;DellTouch;e:\windows\system32\drivers\Msikbd2k.sys [2007-10-8 6942]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;e:\windows\system32\drivers\ousb2hub.sys [2007-10-11 54016]
S0 is3srv;is3srv;e:\windows\system32\drivers\is3srv.sys --> e:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;e:\windows\system32\drivers\szkg.sys --> e:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;e:\windows\system32\drivers\szkgfs.sys --> e:\windows\system32\drivers\szkgfs.sys [?]
S2 gupdate;Google Update Service (gupdate);e:\program files\google\update\GoogleUpdate.exe [2010-6-1 135664]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\e:\windows\system32\drivers\nsdriver.sys --> e:\windows\system32\drivers\NSDriver.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [2010-11-16 38224]
S3 Radialpoint Security Services;Radialpoint Security Services;e:\windows\system32\dllhost.exe [2002-6-25 5120]
S4 Nhksrv;Netropa NHK Server;e:\windows\Nhksrv.exe [2007-10-8 28672]
=============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2010-11-20 06:03:47 60936 ----a-w- e:\windows\system32\drivers\avgntflt.sys
2010-11-20 06:03:47 -------- d-----w- e:\program files\Avira
2010-11-20 06:03:47 -------- d-----w- e:\docume~1\alluse~1\applic~1\Avira
2010-11-20 05:53:33 388096 ----a-r- e:\docume~1\brettn~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-20 05:50:58 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-11-20 05:50:58 -------- d-----w- e:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-11-19 10:25:39 6273872 ----a-w- e:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{b31c5cf0-5979-45b3-ad03-b8650d8abee9}\mpengine.dll
2010-11-17 12:37:57 15880 ----a-w- e:\windows\system32\lsdelete.exe
2010-11-17 04:53:12 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys
2010-11-17 04:53:04 98392 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-11-17 04:50:26 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\Sunbelt Software
2010-11-17 04:49:36 -------- dc-h--w- e:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-17 04:18:05 -------- d-----w- e:\docume~1\brettn~1\applic~1\Malwarebytes
2010-11-17 04:17:57 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-11-17 04:17:56 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-11-17 04:17:56 -------- d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-17 04:17:55 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-11-17 04:09:54 -------- d-----w- e:\docume~1\alluse~1\applic~1\MFAData
2010-11-17 03:48:57 -------- d-----w- e:\docume~1\alluse~1\applic~1\Alwil Software
2010-11-16 04:52:54 -------- d-----w- e:\docume~1\alluse~1\applic~1\STOPzilla!
2010-11-06 19:37:34 103864 ----a-w- e:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 19:37:34 103864 ----a-w- e:\program files\internet explorer\plugins\nppdf32.dll
2010-11-06 04:36:47 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\Yahoo
2010-11-06 04:32:58 -------- d-----w- e:\docume~1\brettn~1\applic~1\PriceGong
2010-11-06 04:31:42 -------- d-----w- e:\docume~1\brettn~1\locals~1\applic~1\FLVService
2010-11-06 04:31:35 -------- d-----w- e:\windows\Freecorder
==================== Find3M ====================
2010-10-19 18:41:44 222080 ------w- e:\windows\system32\MpSigStub.exe
2010-09-08 18:17:46 94208 ----a-w- e:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- e:\windows\system32\QuickTime.qts
============= FINISH: 23:17:10.95 ===============