Old 06-13-2012, 11:41 PM
onslaught
New Member
 
Join Date: Apr 2005
Location: Sydney, Australia
Posts: 13
DDS scan is:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by User at 14:29:17 on 2012-06-14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.2002.1325 [GMT 10:00]
.
AV: ZoneAlarm Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uCustomizeSearch = hxxp://search.joobers.com/toolbar/CustomizeSearch
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = ${SEARCH_URL_IE7}
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\watch football tv\tbhelper.dll
uURLSearchHooks: TranslatorBar 3.3 Toolbar: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a} - c:\program files\translatorbar_3.3\prxtbTra2.dll
uURLSearchHooks: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
uURLSearchHooks: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: TBSB05245 Class: {65c117be-6005-4b7e-811a-2e8a046c52a6} - c:\program files\watch football tv\tbcore3.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\user\application data\flashgetbho\FlashGetBHO3.dll
BHO: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: TranslatorBar 3.3 Toolbar: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a} - c:\program files\translatorbar_3.3\prxtbTra2.dll
BHO: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
TB: Watch Football TV: {8e114b8e-c041-4063-a432-ebbf454e9057} - c:\program files\watch football tv\tbcore3.dll
TB: TranslatorBar 3.3 Toolbar: {e7f7b7dc-7dec-4e84-9a87-ece02e8a160a} - c:\program files\translatorbar_3.3\prxtbTra2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Elf 1.13 Toolbar: {b80f591e-fe9a-46cf-a13e-180377240586} - c:\program files\elf_1.13\prxtbElf0.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: WiseConvert Toolbar: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbWise.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {252E8A9B-56BD-4FC4-B5C2-2A2A1F0975B0} - No File
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [WireLessMouse ] c:\program files\multimedia combo set\MouseDrv.exe
mRun: [WireLessKeyboard ] c:\program files\multimedia combo set\PS2USBKbdDrv.exe
mRun: [CreativeMouse ] c:\program files\mouse driver\MouseDrv.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISW]
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Search - http://tbedits.videodownloadconverte...D&n=2012052623
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by FlashGet3 - c:\documents and settings\user\application data\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\user\application data\flashgetbho\GetUrl.htm
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1DAC1A8F-2858-46CF-9666-25B614170B45} : DhcpNameServer = 10.0.0.138
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2012-5-7 133208]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1307010.005\symds.sys [2012-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1307010.005\symefa.sys [2012-5-18 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\bashdefs\20120531.001\BHDrvx86.sys [2012-6-6 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys [2012-5-18 132744]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2012-5-7 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-5-7 485808]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1307010.005\ironx86.sys [2012-5-18 149624]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-5-3 526608]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-4 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-4 497280]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-8-2 3712]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.1.8\ccSvcHst.exe [2010-8-9 126904]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-8-2 2514944]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2012-4-20 285152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-4 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\ipsdefs\20120613.007\IDSXpx86.sys [2012-6-13 356792]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\virusdefs\20120613.019\NAVENG.SYS [2012-6-14 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.6.2.10\definitions\virusdefs\20120613.019\NAVEX15.SYS [2012-6-14 1589752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 257696]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2008-8-2 36256]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-5 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-5 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2012-4-20 50704]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2011-10-21 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2011-10-21 105216]
.
=============== Created Last 30 ================
.
2012-06-14 02:31:41 -------- d-----w- c:\program files\ESET
2012-06-13 02:22:49 54016 ----a-w- c:\windows\system32\drivers\jquxi.sys
2012-06-13 01:38:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 23:34:34 -------- d-----w- c:\documents and settings\user\application data\PriceGong
2012-06-06 21:18:57 -------- d-----w- c:\documents and settings\user\application data\searchqutoolbar
2012-06-06 21:08:01 -------- d-----w- c:\documents and settings\user\local settings\application data\WiseConvert
2012-06-06 21:07:51 -------- d-----w- c:\program files\WiseConvert
2012-06-06 01:44:34 -------- d-----w- c:\documents and settings\user\application data\SpeedyPC Software
2012-06-06 00:43:55 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-06-05 06:00:01 -------- d-----w- c:\documents and settings\user\application data\SpeedMaxPc
2012-06-05 05:59:34 -------- d-----w- c:\documents and settings\all users\application data\SpeedMaxPc
2012-05-29 01:24:10 -------- d-----w- c:\program files\DealPly
2012-05-29 01:23:36 -------- d-----w- c:\program files\Yontoo
2012-05-29 01:23:33 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2012-05-28 07:41:41 -------- d-----w- c:\documents and settings\user\application data\ElevatedDiagnostics
2012-05-27 03:11:50 -------- d-----w- c:\documents and settings\user\AppData
2012-05-27 03:11:48 -------- d-----w- c:\documents and settings\user\local settings\application data\Ilivid Player
2012-05-27 03:11:48 -------- d-----w- c:\documents and settings\user\application data\searchquband
2012-05-22 23:46:26 -------- d-----w- c:\documents and settings\all users\application data\DriverGenius
2012-05-18 07:32:54 388216 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symtdi.sys
2012-05-18 07:32:54 345208 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symtdiv.sys
2012-05-18 07:32:53 905336 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symefa.sys
2012-05-18 07:32:53 574072 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtsp.sys
2012-05-18 07:32:53 340088 ----a-r- c:\windows\system32\drivers\nav\1307010.005\symds.sys
2012-05-18 07:32:53 32888 ----a-w- c:\windows\system32\drivers\nav\1307010.005\srtspx.sys
2012-05-18 07:32:53 318584 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symnets.sys
2012-05-18 07:32:52 149624 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ironx86.sys
2012-05-18 07:32:52 132744 ----a-w- c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys
2012-05-18 07:32:34 4782 ----a-w- c:\windows\system32\drivers\nav\1307010.005\symvtcer.dat
2012-05-18 07:32:34 -------- d-----w- c:\windows\system32\drivers\nav\1307010.005
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-04 23:51:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 23:51:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 23:04:26 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-15 23:04:26 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2008-08-05 02:59:39 16 ----a-w- c:\program files\temp.bat
.
============= FINISH: 14:30:08.64 ===============
__________________
Win XP Home - SP2 - 2.4GHz Intel P4, 256MB RAM, 40GB HD, CD RW, DSL internet. M$ Office, Norton, ZA, Spybot/Adaware.