Status
Not open for further replies.

csrss.exe, System Restore not working, A-Squared Anti-Malware acting oddly

1.7K views 1 reply 1 participant last post by  kai071  
#1 ·
I'm not quite sure what, if anything, is going on here, but I'm having some problems and when I was surfing last night A-Squared threw up so many warnings every time I tried to connect to a page that I ended up shutting it down. Today, I ran a scan and it came back all clear, as did Kaspersky AV. I am still leery though.

The problems started benignly enough but seemed to multiply.

-My printer won't print from any web browser. The message comes up, it looks as though it will print, then it sits in the queue. It had just printed something moments before from the net but now it won't. Pages from Word, Notepad and running a Printer Test Page print fine, but from the browsers will not. (EDIT- IE will now print. FF will still not.) I've checked the connections, reset them, unplugged and waited then plugged back in; nothing's worked. In trying to deal with that, other things came up.

-System Restore will not work. It goes through the entire process, seems as though it is working, then when the computer comes back on, and the restore message pops up, it says "System Restore was unsuccessful. Unspecified error." I have used it before and it has always worked well.

-While monitoring an install, ZSoft Uninstaller became stuck on the taskbar. It was minimized to the taskbar and would not maximize. Right-clicking didn't give me a context menu and nothing I did could make anything happen with the program. I brought up the task manager to try to end the task from there and it wouldn't end. I then noticed csrss.exe near the top. I'd not noticed that program before and it gave no description so I googled it and learned that it could be a serious virus. Some reports said it was normal but more said it was a virus and a very high-threat one at that.




DDS (Ver_09-07-30.01) - NTFSx86
Run by Kelly at 14:12:17.76 on 30/07/2009
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.1918.1020 [GMT -4:00]

AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Atomic Alarm Clock\timeserv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Chameleon Clock\settime.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kelly\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://livejournal.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: &Linkman: {5c9dca26-cec4-4280-a831-d622d4dbf113} - k:\linkman\LinkmanCom.dll
uRun: [Linkman] k:\linkman\Linkman.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [<NO NAME>]
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: >Search in Linkman - file://k:\linkman\iescript_search.htm
IE: Add to Linkman - file://k:\linkman\iescript_add.htm
IE: Add to Linkman and Edit - file://k:\linkman\iescript_edit.htm
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Enqueue current page with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open current page with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebid.htm
IE: Open link target with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: Semagic - c:\program files\semagic\link.htm
IE: Show Linkman - file://k:\linkman\iescript_show.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: microsoft.com\office
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kelly\appdata\roaming\mozilla\firefox\profiles\5ex6ttsr.kelly 2\
FF - prefs.js: browser.startup.homepage - hxxp://ca.my.yahoo.com/

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R2 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\atomic alarm clock\timeserv.exe [2008-9-24 414720]
R2 ChamClock Set Time Service for Vista;Chameleon Clock Set Time for Vista;c:\program files\chameleon clock\settime.exe [2008-10-11 58880]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-6-15 331312]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-8-4 5120]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\HssDrv.sys [2009-7-1 33840]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-22 28592]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-5-14 16640]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-7-22 57640]

=============== Created Last 30 ================

2009-07-30 10:28 <DIR> --d----- c:\program files\Trend Micro
2009-07-30 00:39 <DIR> --d----- C:\Hotspot Shield
2009-07-30 00:36 <DIR> --d----- c:\program files\Hotspot Shield
2009-07-30 00:11 <DIR> --d----- c:\program files\ZSoft
2009-07-29 22:16 8,704 a------- c:\windows\system32\SpOrder.dll
2009-07-29 22:15 73,728 a------- c:\windows\system32\VistaInfo32.dll
2009-07-29 22:12 172,032 a------- c:\windows\system32\PCProxy.dll.old.ggitelhoiph
2009-07-29 15:01 97,800 a------- c:\windows\system32\infocardapi.dll
2009-07-29 15:01 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-29 15:01 622,080 a------- c:\windows\system32\icardagt.exe
2009-07-29 15:01 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-07-29 15:01 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-07-29 15:01 11,264 a------- c:\windows\system32\icardres.dll
2009-07-29 15:01 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-07-29 15:01 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-07-29 14:58 52,232,192 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-07-29 14:58 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-07-29 14:58 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-07-29 14:51 96,760 a------- c:\windows\system32\dfshim.dll
2009-07-29 14:51 282,112 a------- c:\windows\system32\mscoree.dll
2009-07-29 14:51 41,984 a------- c:\windows\system32\netfxperf.dll
2009-07-29 14:51 158,720 a------- c:\windows\system32\mscorier.dll
2009-07-29 14:50 83,968 a------- c:\windows\system32\mscories.dll
2009-07-26 23:19 <DIR> --d----- c:\program files\Spirits of Metropolis v1.10
2009-07-26 15:40 <DIR> --d----- c:\program files\iPod
2009-07-25 14:06 156,160 a------- c:\windows\system32\t2embed.dll
2009-07-25 14:06 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-25 14:06 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-25 14:06 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-25 14:06 24,064 a------- c:\windows\system32\lpk.dll
2009-07-25 14:06 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-22 15:13 28,592 a------- c:\windows\system32\drivers\tap0901.sys
2009-07-13 19:44 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-01 22:34 33,840 a------- c:\windows\system32\drivers\HssDrv.sys

==================== Find3M ====================

2009-07-30 11:27 3,432 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-07-30 11:11 688,160 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-07-30 10:11 1,039,040 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-07-30 10:11 77,446,688 a------- c:\windows\system32\drivers\fidbox.dat
2009-07-30 00:39 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-30 00:39 86,016 a------- c:\windows\inf\infstor.dat
2009-07-30 00:39 51,200 a------- c:\windows\inf\infpub.dat
2009-07-18 08:17 827,392 a------- c:\windows\system32\wininet.dll
2009-07-18 08:10 56,320 a------- c:\windows\system32\iesetup.dll
2009-07-18 08:10 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 08:10 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-07-18 08:07 72,704 a------- c:\windows\system32\admparse.dll
2009-07-18 06:00 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-18 04:34 48,128 a------- c:\windows\system32\mshtmler.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-05 11:42 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2008-12-29 00:41 174 a--sh--- c:\program files\desktop.ini
2008-06-17 18:22 665,600 a------- c:\windows\inf\drvindex.dat
2007-08-16 00:00 466 a------- c:\users\kelly\appdata\roaming\wklnhst.dat
2007-06-03 00:34 20,869,456 a------- c:\users\kelly\kav6.0.2.621en.exe
2007-03-09 22:30 258,653 a------- c:\users\kelly\Semagic_dictionary_en_US.exe
2007-02-27 02:19 7,106,392 a------- c:\users\kelly\ITP32Eng.exe
2007-02-27 02:19 6,767,488 a------- c:\users\kelly\IP32Eng.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-09-20 00:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2007-09-20 00:24 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-09-20 00:24 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-04-01 17:13 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-04-01 17:13 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2007-03-03 23:52 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2007-03-03 23:52 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2007-03-03 23:52 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2008-04-01 17:13 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-06-03 01:35 5 a--sh--- c:\windows\system32\bcbbfdbf_g.dll
2008-09-05 20:06 45,041,952 a--sh--- c:\windows\system32\drivers\fidbox(23).dat

============= FINISH: 14:13:07.88 ===============
 


#2 ·
Bump, please.
New issue: an icon has appeared on my desktop called Update.exe.
The only thing different I have done today was plug in a USB backup drive but it didn't have enough power to install the driver so I am not sure that is where it came from. I have also removed a couple of programs. Should I run the DDS and gmer again?
 