Status
Not open for further replies.
1 - 10 of 10 Posts

· Registered
Joined
·
6 Posts
Discussion Starter · #1 ·
This started by AVG prompting me to take advantage before Dec 1 and update. I said OK and the upload was stopped asking me to remove CyberDefender first and directing me to Add/Remove programs. It did not appear there or anywhere after running a search. I repeated this, same results. I then tried to skip the removal part and thought it was loaded. It was not. I contacted a tech from DailyKos which I like to read and told him I could access the videos, they were blocked. He suggested I use a different browser. All my attempts to load Firefox were unsuccessful. I finally loaded Safari which is working fine and told the tech. He then told me I had bigger problems and I am here. I have Windows XP with Service Pack 2, I believe. Also Intel Pentium 4. I don't think I have uploaded the files accurately. I've never used these procedures before. I believe they are on my Desktop but you show a max of 2.
 


· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Hello mike7747,

Both of your attachments are the same log from gmer. Please run dds.scr again and copy/paste the contents of the dds.txt directly into the reply window, and attach the Attach.txt so we can begin.
 

· Registered
Joined
·
6 Posts
Ried
Thanks, I attached DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike at 11:20:46.64 on Wed 12/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.134 [GMT -8:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {B050F748-BFC2-4BA9-94F5-12881EBBE4AD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\downloads to save\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
D:\downloads to save\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
D:\downloads to save\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\ALL IN ONE\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Documents and Settings\Mike\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\downloads to save\SUPERAntiSpyware.exe
D:\downloads to save\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
D:\downloads to save\PSI\psi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\downloads to save\iTunesHelper.exe
D:\downloads to save\Safari.exe
C:\WINDOWS\system32\clipbrd.exe
C:\Documents and Settings\Mike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - d:\all in one\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\downlo~1\spybot~1\SDHelper.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\downloads to save\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\downloads to save\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - d:\all in one\digital imaging\smart web printing\hpswp_BHO.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SansaDispatch] c:\documents and settings\mike\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] d:\downloads to save\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] d:\downloads to save\spybot - search & destroy\TeaTimer.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
mRun: [YBrowser] c:\program files\yahoo!\browser\ybrwicon.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [QuickTime Task] "D:\QTTask.exe" -atboottime
mRun: [MaxMenuMgr] "d:\downloads to save\freeagent status\StxMenuMgr.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\downloads to save\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IPInSightMonitor 01] "c:\program files\sbc yahoo!\connection manager\ip insight\IPMon32.exe"
mRun: [HP Software Update] d:\all in one\hp software update\HPWuSchd2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "d:\downloads to save\iTunesHelper.exe"
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\secuni~1.lnk - d:\downloads to save\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxli~1.lnk - c:\program files\efax messenger plus 3.3\J2GDllCmd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxtr~1.lnk - c:\program files\efax messenger plus 3.3\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\all in one\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\all in one\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\downlo~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227391056390
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - hxxp://www2.incredimail.com/contents/setup/downloader/imloader.cab
Notify: !SASWinLogon - d:\downloads to save\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\msupt58e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - keyword.url
FF - component: c:\documents and settings\mike\application data\mozilla\firefox\profiles\msupt58e.default\extensions\[email protected]\components\cooliris.dll
FF - plugin: c:\documents and settings\mike\application data\mozilla\firefox\profiles\msupt58e.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\mike\application data\mozilla\firefox\profiles\msupt58e.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\downloads to save\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\downloads to save\bin\new_plugin\npjp2.dll
FF - plugin: d:\downloads to save\mozilla plugins\npitunes.dll
FF - plugin: d:\plugins\npqtplugin.dll
FF - plugin: d:\plugins\npqtplugin2.dll
FF - plugin: d:\plugins\npqtplugin3.dll
FF - plugin: d:\plugins\npqtplugin4.dll
FF - plugin: d:\plugins\npqtplugin5.dll
FF - plugin: d:\plugins\npqtplugin6.dll
FF - plugin: d:\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;d:\downloads to save\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;d:\downloads to save\SASKUTIL.SYS [2009-1-15 74480]
R2 FreeAgentGoNext Service;Seagate Service;d:\downloads to save\sync\FreeAgentService.exe [2009-1-16 161064]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
R3 SASENUM;SASENUM;d:\downloads to save\SASENUM.SYS [2009-1-15 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c9944045c9466a;Google Update Service (gupdate1c9944045c9466a);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\drivers\hpzs2k12.sys [2003-11-23 50360]

=============== Created Last 30 ================

2009-12-08 15:39:15 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-08 15:38:21 0 d-----w- c:\program files\iPod
2009-12-07 20:40:58 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-07 19:38:21 0 d-----w- c:\program files\Windows Installer Clean Up
2009-12-07 03:37:11 0 d-----w- c:\program files\MSECACHE
2009-12-04 18:59:23 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-01 18:06:29 0 d-----w- c:\docume~1\mike\applic~1\AVG8
2009-12-01 06:40:29 0 d--h--w- C:\$AVG
2009-12-01 06:37:59 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-30 15:57:07 2979 ------w- c:\windows\hpwmdl22.dat.temp
2009-11-30 15:57:07 188971 ------w- c:\windows\hpwins22.dat.temp
2009-11-30 07:00:41 77349 ----a-w- c:\windows\hpqins05.dat
2009-11-30 00:21:02 0 d-----w- c:\docume~1\mike\applic~1\HpUpdate
2009-11-28 23:17:17 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2009-11-28 22:55:02 0 d-----w- c:\windows\hpojp8500a909
2009-11-28 22:54:01 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-28 22:53:56 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-11-28 22:53:27 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2009-11-28 22:53:26 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-11-28 22:53:10 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-11-28 22:52:45 966656 ----a-r- c:\windows\system32\hpwtiop4.dll
2009-11-28 22:52:45 741376 ----a-r- c:\windows\system32\hpwwiax5.dll
2009-11-28 22:52:45 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-11-28 22:52:45 294912 ----a-r- c:\windows\system32\hpovst11.dll
2009-11-28 22:51:20 0 d-----w- c:\program files\common files\HP
2009-11-28 22:44:12 188971 ------w- c:\windows\hpwins22.dat
2009-11-28 22:44:11 2979 ------w- c:\windows\hpwmdl22.dat
2009-11-25 20:01:23 0 d-----w- c:\documents and settings\mike\.SunDownloadManager
2009-11-16 18:15:37 0 d-----w- c:\docume~1\mike\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-11-11 22:54:52 3247 ----a-w- c:\windows\system32\wbem\Outlook_01ca6321fa6d0600.mof
2009-11-11 07:08:24 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2009-11-11 07:08:24 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-12-04 20:09:34 83688 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-06 03:46:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 16:31:46 926720 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-10-29 22:48:42 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-10-28 17:58:48 93696 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll

============= FINISH: 11:21:20.35 ===============
 


· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
You're welcome, but you're still missing the Attach.txt. When you ran dds.scr, it produced 2 logs - dds.txt and Attach.txt. Please run it again and attach the Attach.txt
 

· Registered
Joined
·
6 Posts
I'm sorry I missed this before. Attached is DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Mike at 17:27:28.95 on Sat 12/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.94 [GMT -8:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {B050F748-BFC2-4BA9-94F5-12881EBBE4AD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\downloads to save\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
D:\downloads to save\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
D:\QTTask.exe
D:\downloads to save\FreeAgent Status\StxMenuMgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
D:\ALL IN ONE\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
D:\downloads to save\iTunesHelper.exe
C:\Documents and Settings\Mike\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\downloads to save\SUPERAntiSpyware.exe
D:\downloads to save\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
D:\downloads to save\PSI\psi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
D:\downloads to save\Safari.exe
C:\WINDOWS\system32\msiexec.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\ey57p8wb.tmp\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - d:\all in one\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\downlo~1\spybot~1\SDHelper.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\downloads to save\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\downloads to save\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - d:\all in one\digital imaging\smart web printing\hpswp_BHO.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SansaDispatch] c:\documents and settings\mike\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] d:\downloads to save\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] d:\downloads to save\spybot - search & destroy\TeaTimer.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
mRun: [YBrowser] c:\program files\yahoo!\browser\ybrwicon.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [QuickTime Task] "D:\QTTask.exe" -atboottime
mRun: [MaxMenuMgr] "d:\downloads to save\freeagent status\StxMenuMgr.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\downloads to save\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IPInSightMonitor 01] "c:\program files\sbc yahoo!\connection manager\ip insight\IPMon32.exe"
mRun: [HP Software Update] d:\all in one\hp software update\HPWuSchd2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "d:\downloads to save\iTunesHelper.exe"
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\secuni~1.lnk - d:\downloads to save\psi\psi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxli~1.lnk - c:\program files\efax messenger plus 3.3\J2GDllCmd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxtr~1.lnk - c:\program files\efax messenger plus 3.3\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\all in one\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - d:\all in one\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\downlo~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227391056390
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - hxxp://www2.incredimail.com/contents/setup/downloader/imloader.cab
Notify: !SASWinLogon - d:\downloads to save\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mike\applic~1\mozilla\firefox\profiles\msupt58e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - keyword.url
FF - component: c:\documents and settings\mike\application data\mozilla\firefox\profiles\msupt58e.default\extensions\[email protected]\components\cooliris.dll
FF - plugin: c:\documents and settings\mike\application data\mozilla\firefox\profiles\msupt58e.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\mike\application data\mozilla\firefox\profiles\msupt58e.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\downloads to save\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\downloads to save\bin\new_plugin\npjp2.dll
FF - plugin: d:\downloads to save\mozilla plugins\npitunes.dll
FF - plugin: d:\plugins\npqtplugin.dll
FF - plugin: d:\plugins\npqtplugin2.dll
FF - plugin: d:\plugins\npqtplugin3.dll
FF - plugin: d:\plugins\npqtplugin4.dll
FF - plugin: d:\plugins\npqtplugin5.dll
FF - plugin: d:\plugins\npqtplugin6.dll
FF - plugin: d:\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;d:\downloads to save\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;d:\downloads to save\SASKUTIL.SYS [2009-1-15 74480]
R2 FreeAgentGoNext Service;Seagate Service;d:\downloads to save\sync\FreeAgentService.exe [2009-1-16 161064]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
R3 SASENUM;SASENUM;d:\downloads to save\SASENUM.SYS [2009-1-15 7408]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c9944045c9466a;Google Update Service (gupdate1c9944045c9466a);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S3 HPZs2k12;Storage Class Driver for IEEE-1284.4 (HPZ12);c:\windows\system32\drivers\hpzs2k12.sys [2003-11-23 50360]

=============== Created Last 30 ================

2009-12-12 20:02:27 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-12-12 20:02:27 99328 ----a-w- c:\windows\system32\srusd.dll
2009-12-12 02:47:27 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-12-12 02:47:27 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-12-08 15:39:15 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-12-08 15:38:21 0 d-----w- c:\program files\iPod
2009-12-07 20:40:58 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-07 19:38:21 0 d-----w- c:\program files\Windows Installer Clean Up
2009-12-07 03:37:11 0 d-----w- c:\program files\MSECACHE
2009-12-04 18:59:23 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-01 18:06:29 0 d-----w- c:\docume~1\mike\applic~1\AVG8
2009-12-01 06:40:29 0 d--h--w- C:\$AVG
2009-12-01 06:37:59 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-30 15:57:07 2979 ------w- c:\windows\hpwmdl22.dat.temp
2009-11-30 15:57:07 188971 ------w- c:\windows\hpwins22.dat.temp
2009-11-30 07:00:41 77349 ----a-w- c:\windows\hpqins05.dat
2009-11-30 00:21:02 0 d-----w- c:\docume~1\mike\applic~1\HpUpdate
2009-11-28 23:17:17 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2009-11-28 22:55:02 0 d-----w- c:\windows\hpojp8500a909
2009-11-28 22:54:01 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-28 22:53:56 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-11-28 22:53:27 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2009-11-28 22:53:26 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-11-28 22:53:10 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-11-28 22:52:45 966656 ----a-r- c:\windows\system32\hpwtiop4.dll
2009-11-28 22:52:45 741376 ----a-r- c:\windows\system32\hpwwiax5.dll
2009-11-28 22:52:45 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-11-28 22:52:45 294912 ----a-r- c:\windows\system32\hpovst11.dll
2009-11-28 22:51:20 0 d-----w- c:\program files\common files\HP
2009-11-28 22:44:12 188971 ------w- c:\windows\hpwins22.dat
2009-11-28 22:44:11 2979 ------w- c:\windows\hpwmdl22.dat
2009-11-25 20:01:23 0 d-----w- c:\documents and settings\mike\.SunDownloadManager
2009-11-16 18:15:37 0 d-----w- c:\docume~1\mike\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

==================== Find3M ====================

2009-12-04 20:09:34 83688 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-06 03:46:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-03 04:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 16:31:46 926720 ----a-w- c:\windows\system32\MyDefragScreenSaver.exe
2009-10-29 22:48:42 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-28 17:58:48 93696 ----a-w- c:\windows\system32\MyDefragScreenSaver.scr
2009-10-21 06:00:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58:48 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll

============= FINISH: 17:28:12.78 ===============
 


· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Thank you. :)



1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root/SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

Now try again to install AVG. Let me know how that worked out for you.
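
The same query and cleanup as the wbemtest steps above, scripted in PowerShell; this is an added example, not part of the original posts. `root\SecurityCenter` and `AntiVirusProduct` are the names given in the post; the function name, output columns and the file-existence heuristic for spotting a stale record are assumptions.

```powershell
# Added example (not from the thread). Namespace and class come from the post;
# the function name, output columns and "stale" heuristic are assumptions.
# XP uses root\SecurityCenter; Vista and later use root\SecurityCenter2.
function Get-RegisteredAntivirus {
    param([string]$Namespace = 'root\SecurityCenter')

    # Path-valued properties; which ones exist depends on the namespace.
    $pathProps = 'pathToEnableOnAccessUI', 'pathToUpdateUI',
                 'pathToSignedProductExe', 'pathToSignedReportingExe'

    # @() guarantees an array even when the query returns nothing.
    $records = @(Get-WmiObject -Namespace $Namespace -Class AntiVirusProduct -ErrorAction Stop)

    foreach ($r in $records) {
        $found = @()
        $missing = @()
        foreach ($name in $pathProps) {
            $p = $r.PSObject.Properties[$name]
            if (-not $p -or -not $p.Value) { continue }

            # Expand %ProgramFiles% etc. and cut off any command-line arguments.
            $raw = [Environment]::ExpandEnvironmentVariables([string]$p.Value).Trim()
            if ($raw -match '^"([^"]+)"') { $file = $Matches[1] }
            elseif ($raw -match '^(.+?\.(exe|dll))(\s|$)') { $file = $Matches[1] }
            else { $file = $raw }

            if (Test-Path -LiteralPath $file) { $found += $file } else { $missing += $file }
        }

        # Heuristic only: a record whose recorded files are all gone is a
        # candidate for a leftover registration and still needs a manual check.
        if ($found.Count -gt 0)       { $status = 'Installed' }
        elseif ($missing.Count -gt 0) { $status = 'Stale?' }
        else                          { $status = 'Unknown (no path recorded)' }

        New-Object PSObject -Property @{
            DisplayName  = $r.displayName
            InstanceGuid = $r.instanceGuid
            Status       = $status
            MissingPaths = ($missing -join '; ')
        } | Select-Object DisplayName, InstanceGuid, Status, MissingPaths
    }
}

# More than one result means more than one antivirus product is registered.
Get-RegisteredAntivirus | Format-List

# After confirming a record belongs to a product that is no longer installed,
# preview its removal; drop -WhatIf to delete. The GUID below is a placeholder.
# Get-WmiObject -Namespace root\SecurityCenter -Class AntiVirusProduct |
#     Where-Object { $_.instanceGuid -eq '{INSTANCE-GUID-FROM-OUTPUT}' } |
#     Remove-WmiObject -WhatIf
```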
 

· Registered
Joined
·
6 Posts
Discussion Starter · #9 ·
Ried
Thank you for your help and great patience. Your suggestion was the answer. I have installed AVG successfully and feel I am now protected. Be it coincidence or not, my wife had received an alert from a bank alerting us to someone trying to purchase something on line with one of her credit cards.
Mike McKenna
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
You're welcome, Mike. Hopefully you've not received any more notifications from your bank. :(
 