DDS (Ver_09-01-07.01) - NTFSx86
Run by Kurt at 15:52:19.28 on Thu 08/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.357 [GMT 11:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Kurt\Desktop\dds(2).com
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
mWinlogon: SFCDisable=4 (0x4)
BHO: {3bd7e47c-c75f-4fe2-ba58-7ebedbf753b8} - c:\windows\system32\ddabx.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {ab646cb3-0486-4541-bcbc-150ac7541b23} - c:\windows\system32\jkkJaYqQ.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {5439E578-8B3A-4905-B6B4-682977E5ADF2} = 192.189.54.33,203.8.183.1
TCP: {C401D776-8FBC-42B0-A7E7-F5E23D5C2999} = 208.67.220.220,208.67.222.222
TCP: {CF241CDB-B572-4782-B9F3-9722998D683A} = 208.67.220.220,208.67.222.222
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\jkkJaYqQ

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kurt\applic~1\mozilla\firefox\profiles\y7w03vcd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - yahoo.com.au
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\np32dsw.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\progra~1\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\nppl3260.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\NPSibelius.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npupd62.dll
FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-8 40840]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-12-23 25067]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-28 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-28 26824]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-8 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-8 81288]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-9-12 33824]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-28 231704]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-8 356920]
R4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-8 1079176]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\kurt\locals~1\temp\imspqmn.sys --> c:\docume~1\kurt\locals~1\temp\iMSPQMn.sys [?]
S3 MEGAUSB0101;MegawinMa100;c:\windows\system32\drivers\usbscan.sys [2008-3-1 15104]
S3 VundoFixSvc;VundoFix Service;VundoFixSVC.exe --> VundoFixSVC.exe [?]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\system32\drivers\ma111nd5.sys --> c:\windows\system32\drivers\MA111nd5.sys [?]

=============== Created Last 30 ================

2009-01-08 15:40 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-08 15:40 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-08 15:40 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-08 15:40 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-08 15:40 --d----- c:\program files\Spyware Doctor
2009-01-08 15:40 --d----- c:\docume~1\kurt\applic~1\PC Tools
2009-01-08 15:35 61,440 a------- c:\windows\system32\drivers\roptpb.sys
2009-01-08 15:26 --d----- c:\docume~1\kurt\applic~1\Malwarebytes
2009-01-08 15:26 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-08 15:26 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 15:26 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 15:26 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-31 12:41 268 a---h--- C:\sqmdata18.sqm
2008-12-31 12:41 136 a---h--- C:\sqmnoopt19.sqm
2008-12-31 12:41 136 a---h--- C:\sqmdata19.sqm
2008-12-31 12:41 244 a---h--- C:\sqmnoopt18.sqm
2008-12-30 23:44 --d----- C:\vcs5BGEffects
2008-12-30 23:44 --d----- C:\vcs5core
2008-12-30 23:44 --d----- C:\AV_LOGS
2008-12-30 23:43 --d----- c:\program files\AV Vcs 6.0 DIAMOND
2008-12-30 23:33 303 a------- c:\windows\ST6UNST.000
2008-12-30 00:32 345,600 a---h--- c:\windows\system32\ShrLk21.dll
2008-12-30 00:32 31,024 a---h--- c:\windows\system32\FVS12.exe
2008-12-30 00:32 --d----- C:\Fortress
2008-12-29 23:58 56 a---h--- c:\windows\system32\ezsidmv.dat
2008-12-29 12:00 --d-h--- C:\$AVG8.VAULT$
2008-12-28 22:38 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-28 22:37 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-28 22:37 --d----- c:\windows\system32\drivers\Avg
2008-12-28 22:37 --d----- c:\docume~1\kurt\applic~1\AVGTOOLBAR
2008-12-28 16:58 --d----- c:\program files\Bethesda Softworks
2008-12-28 16:57 --d----- c:\windows\system32\xlive
2008-12-28 15:13 24,576 a------- c:\windows\system32\VundoFixSVC.exe
2008-12-28 14:46 250 a------- c:\windows\gmer.ini
2008-12-22 19:10 --d----- c:\program files\Sierra On-Line
2008-12-22 14:24 --d----- c:\program files\Winamp Toolbar
2008-12-22 14:24 --d----- c:\docume~1\alluse~1\applic~1\Winamp Toolbar
2008-12-21 22:19 30 a------- c:\windows\RESULT.QTW
2008-12-21 22:18 231,936 a------- c:\windows\UNINST16.EXE
2008-12-21 11:08 --d----- c:\docume~1\kurt\applic~1\Avimpgwmv
2008-12-13 23:06 --d----- c:\program files\GlobalSCAPE
2008-12-13 19:33 --d----- c:\program files\WinSCP
2008-12-12 23:16 --d----- c:\program files\iPod
2008-12-12 23:16 --d----- c:\program files\iTunes
2008-12-12 23:16 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-12 17:10 7,286 a------- c:\windows\Water Clock 3D Screensaver.html
2008-12-12 17:10 8,700,416 a------- c:\windows\system32\Water Clock 3D Screensaver.exe
2008-12-12 17:10 780,288 a------- c:\windows\system32\Water_Clock_3D_Screensaver.scr
2008-12-12 17:10 --d----- c:\program files\Water Clock 3D Screensaver
2008-12-12 14:22 --d----- c:\docume~1\kurt\applic~1\Any Video Converter
2008-12-12 14:22 --d----- c:\program files\Any Video Converter
2008-12-12 12:48 --d----- c:\program files\ImTOO
2008-12-12 12:36 --d----- c:\program files\common files\eSellerate
2008-12-11 22:14 --d----- c:\docume~1\kurt\applic~1\CopyTrans
2008-12-11 22:10 --d----- c:\docume~1\kurt\applic~1\CopyTransControlCenter
2008-12-11 21:42 --d----- c:\docume~1\kurt\applic~1\iPod Copy Expert
2008-12-11 21:01 --d----- c:\docume~1\kurt\applic~1\iPod2PC3
2008-12-11 21:01 --d----- c:\docume~1\kurt\applic~1\EurekaLog
2008-12-10 08:43 268 a---h--- C:\sqmdata17.sqm
2008-12-10 08:43 244 a---h--- C:\sqmnoopt17.sqm
2008-12-09 16:46 268 a---h--- C:\sqmdata16.sqm
2008-12-09 16:46 244 a---h--- C:\sqmnoopt16.sqm

==================== Find3M ====================

2008-12-31 00:02 389,120 a------- c:\windows\system32\CF26442.exe
2008-11-21 17:39 278,984 a------- c:\windows\system32\drivers\atksgt.sys
2008-11-21 17:39 25,416 a------- c:\windows\system32\drivers\lirsgt.sys
2008-11-21 17:25 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-11-21 17:25 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-11-21 17:04 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-21 17:00 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-11-21 17:00 22,328 a------- c:\docume~1\kurt\applic~1\PnkBstrK.sys
2008-11-21 17:00 107,832 a------- c:\windows\system32\PnkBstrB.exe
2008-11-21 17:00 2,250,024 a------- c:\windows\system32\pbsvc.exe
2008-11-21 17:00 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-10-23 23:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-17 07:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-11 11:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-03-14 22:44 8 a------- c:\docume~1\alluse~1\applic~1\VYAAUFMZPWQQ.SYS

============= FINISH: 15:53:34.64 ===============