DDS file
DDS (Ver_10-12-12.02) - NTFSx86
Run by James at 21:28:15.29 on Sun 01/23/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1555 [GMT -5:00]
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\PROGRA~1\TVOBLO~1\nsfx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Defender\msascui .exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\James\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "f:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [NetSweeperAgent] c:\progra~1\tvoblo~1\nsfx.exe
mRun: [NetSweeperLSPReset] "c:\program files\tvo blockit\instlsp.exe" -a -z "msafd tcpip" -n "liger" -d "c:\windows\system32\liger.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\liger.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229889993296
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229948964531
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\james\applic~1\mozilla\firefox\profiles\tvk7wfi2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\documents and settings\james\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]
R1 MpKsl2afa5080;MpKsl2afa5080;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\MpKsl2afa5080.sys [2011-1-23 28752]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-10-19 23096]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-7 38224]
S1 MpKsl97232ac2;MpKsl97232ac2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\MpKsl97232ac2.sys [2011-1-23 28752]
S2 gupdate1ca0b373d0dde0a;Google Update Service (gupdate1ca0b373d0dde0a);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\james\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\james\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2008-10-19 3768]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2008-10-19 208896]
S4 nsfxsrv;nsfx service;c:\program files\tvo blockit\nsfxsrv.exe [2008-12-12 45056]
=============== Created Last 30 ================
2011-01-24 02:28:13 98816 ----a-w- c:\temp\8.tmp\SED.DAT
2011-01-24 02:28:13 518144 ----a-w- c:\temp\8.tmp\SWREG.DAT
2011-01-24 02:28:13 256512 ----a-w- c:\temp\8.tmp\PEV.DAT
2011-01-24 02:28:12 89088 ----a-w- c:\temp\8.tmp\MBR.DAT
2011-01-24 02:14:11 98816 ----a-w- c:\temp\rarsfx4\sed.exe
2011-01-24 02:14:11 31232 ----a-w- c:\temp\rarsfx4\nircmd.exe
2011-01-24 02:14:11 30720 ----a-w- c:\temp\rarsfx4\nircmdc.exe
2011-01-24 02:14:11 254976 ----a-w- c:\temp\rarsfx4\pev.exe
2011-01-24 02:14:11 161792 ----a-w- c:\temp\rarsfx4\swreg.exe
2011-01-24 02:14:10 31232 ----a-w- c:\temp\rarsfx4\nird\iexplore.exe
2011-01-24 02:14:10 254976 ----a-w- c:\temp\rarsfx4\procs\iexplore.exe
2011-01-24 02:14:10 1536 ----a-w- c:\temp\rarsfx4\h\iexplore.exe
2011-01-24 02:09:55 98816 ----a-w- c:\temp\rarsfx3\sed.exe
2011-01-24 02:09:55 161792 ----a-w- c:\temp\rarsfx3\swreg.exe
2011-01-24 02:09:54 31232 ----a-w- c:\temp\rarsfx3\nircmd.exe
2011-01-24 02:09:54 30720 ----a-w- c:\temp\rarsfx3\nircmdc.exe
2011-01-24 02:09:54 254976 ----a-w- c:\temp\rarsfx3\procs\iexplore.exe
2011-01-24 02:09:54 254976 ----a-w- c:\temp\rarsfx3\pev.exe
2011-01-24 02:09:53 31232 ----a-w- c:\temp\rarsfx3\nird\iexplore.exe
2011-01-24 02:09:53 1536 ----a-w- c:\temp\rarsfx3\h\iexplore.exe
2011-01-24 02:08:14 98816 ----a-w- c:\temp\rarsfx2\sed.exe
2011-01-24 02:08:14 161792 ----a-w- c:\temp\rarsfx2\swreg.exe
2011-01-24 02:08:13 31232 ----a-w- c:\temp\rarsfx2\nircmd.exe
2011-01-24 02:08:13 30720 ----a-w- c:\temp\rarsfx2\nircmdc.exe
2011-01-24 02:08:13 254976 ----a-w- c:\temp\rarsfx2\procs\iexplore.exe
2011-01-24 02:08:13 254976 ----a-w- c:\temp\rarsfx2\pev.exe
2011-01-24 02:08:12 31232 ----a-w- c:\temp\rarsfx2\nird\iexplore.exe
2011-01-24 02:08:12 1536 ----a-w- c:\temp\rarsfx2\h\iexplore.exe
2011-01-24 02:08:00 719873 ----a-w- c:\temp\content.ie5\m532nk3f\WiNlOgOn[1].exe
2011-01-24 02:07:07 98816 ----a-w- c:\temp\rarsfx1\sed.exe
2011-01-24 02:07:07 161792 ----a-w- c:\temp\rarsfx1\swreg.exe
2011-01-24 02:07:06 31232 ----a-w- c:\temp\rarsfx1\nircmd.exe
2011-01-24 02:07:06 30720 ----a-w- c:\temp\rarsfx1\nircmdc.exe
2011-01-24 02:07:06 254976 ----a-w- c:\temp\rarsfx1\pev.exe
2011-01-24 02:07:05 31232 ----a-w- c:\temp\rarsfx1\nird\iexplore.exe
2011-01-24 02:07:05 254976 ----a-w- c:\temp\rarsfx1\procs\iexplore.exe
2011-01-24 02:07:05 1536 ----a-w- c:\temp\rarsfx1\h\iexplore.exe
2011-01-24 02:06:46 719873 ----a-w- c:\temp\content.ie5\xj3etoje\uSeRiNiT[1].exe
2011-01-24 02:05:47 98816 ----a-w- c:\temp\rarsfx0\sed.exe
2011-01-24 02:05:47 31232 ----a-w- c:\temp\rarsfx0\nircmd.exe
2011-01-24 02:05:47 30720 ----a-w- c:\temp\rarsfx0\nircmdc.exe
2011-01-24 02:05:47 254976 ----a-w- c:\temp\rarsfx0\pev.exe
2011-01-24 02:05:47 161792 ----a-w- c:\temp\rarsfx0\swreg.exe
2011-01-24 02:05:46 31232 ----a-w- c:\temp\rarsfx0\nird\iexplore.exe
2011-01-24 02:05:46 254976 ----a-w- c:\temp\rarsfx0\procs\iexplore.exe
2011-01-24 02:05:46 1536 ----a-w- c:\temp\rarsfx0\h\iexplore.exe
2011-01-24 02:05:21 719873 ----a-w- c:\temp\content.ie5\m532nk3f\iExplore[1].exe
2011-01-24 01:59:05 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{415f8c00-d92d-4672-b3f3-ac9ad9585d70}\mpengine.dll
2011-01-24 01:40:10 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\MpKsl2afa5080.sys
2011-01-23 22:35:56 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\MpKsl97232ac2.sys
2011-01-23 22:33:06 1093 ----a-w- c:\temp\content.ie5\m532nk3f\pack[2].exe
2011-01-23 22:33:00 1093 ----a-w- c:\temp\content.ie5\m532nk3f\pack[1].exe
2011-01-23 17:04:14 5890896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{807f69ec-bc12-475d-9039-6880fdad67b3}\mpengine.dll
2011-01-08 16:59:25 -------- d-----w- c:\docume~1\james\locals~1\applic~1\Yahoo
2011-01-08 16:52:59 -------- d-----w- c:\program files\Yahoo!
2010-12-28 14:27:26 -------- d-----w- C:\ProgramData
2010-12-28 14:27:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts
2010-12-28 03:48:42 -------- d-----w- c:\program files\Microsoft WSE
==================== Find3M ====================
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2007-06-20 19:16:30 15732984 ----a-w- c:\program files\Google_Earth_BZXD.exe
============= FINISH: 21:31:42.78 ===============