.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by User at 11:12:09 on 2011-06-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.605 [GMT -4:00]
.
AV: The Shield Deluxe Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
.
============== Pseudo HJT Report ===============
.
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\a30mjusm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.europeanautobodyoftampa.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
R1 MpKsl78d3d2a7;MpKsl78d3d2a7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ecb5bdbd-6227-4d7f-b472-8715744bba6e}\MpKsl78d3d2a7.sys [2011-6-28 28752]
R1 SASDIFSV;SASDIFSV;c:\docume~1\user\locals~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\docume~1\user\locals~1\temp\sas_selfextract\SASKUTIL.SYS [2010-5-10 67656]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S1 MpKsl0761f5dc;MpKsl0761f5dc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{302ce733-65a1-442b-8fdb-78aa8ed6a532}\mpksl0761f5dc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{302ce733-65a1-442b-8fdb-78aa8ed6a532}\MpKsl0761f5dc.sys [?]
S1 MpKslbd2044a1;MpKslbd2044a1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cfe13b4c-e552-4eb5-9b28-49f5e7df9c7c}\mpkslbd2044a1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cfe13b4c-e552-4eb5-9b28-49f5e7df9c7c}\MpKslbd2044a1.sys [?]
S1 MpKslc8494b66;MpKslc8494b66;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6cfd7f3-847e-403e-8774-beb0ab921744}\mpkslc8494b66.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6cfd7f3-847e-403e-8774-beb0ab921744}\MpKslc8494b66.sys [?]
S1 MpKsldccef9b5;MpKsldccef9b5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{229e5039-1a86-42b1-8e44-237a7951cd3c}\mpksldccef9b5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{229e5039-1a86-42b1-8e44-237a7951cd3c}\MpKsldccef9b5.sys [?]
S1 MpKsle36e1dfe;MpKsle36e1dfe;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b501284b-1a6c-45dd-88cb-e8f4ff4a6226}\mpksle36e1dfe.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b501284b-1a6c-45dd-88cb-e8f4ff4a6226}\MpKsle36e1dfe.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\sfus.exe [2009-3-12 184968]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-7-24 24652]
.
=============== Created Last 30 ================
.
2011-06-28 14:42:21 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ecb5bdbd-6227-4d7f-b472-8715744bba6e}\MpKsl78d3d2a7.sys
2011-06-28 14:37:56 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-06-28 14:37:54 -------- d-----w- c:\program files\Trend Micro
2011-06-27 14:26:03 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ecb5bdbd-6227-4d7f-b472-8715744bba6e}\mpengine.dll
2011-06-25 14:05:41 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-25 14:05:40 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-16 13:21:35 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-16 13:21:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-16 13:21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-14 19:38:07 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-04 02:17:11 -------- d-----w- c:\program files\Risoria
2011-06-04 02:13:19 -------- d---a-w- c:\program files\FastTrak
2011-06-03 18:20:24 -------- d--h--w- c:\documents and settings\user\application data\TeamViewer
2011-06-03 18:20:01 -------- d-----w- c:\program files\TeamViewer
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-28 16:13:02 72080 ---ha-w- c:\documents and settings\user\g2mdlhlpx.exe
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-14 06:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH: 11:12:53.62 ===============