DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Moniec Rudd at 8:53:08.89 on Sun 08/09/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.212 [GMT -7:00]

AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Moniec Rudd.MONIEC-A16FA513\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = ;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [tgcmd] "c:\program files\support.com\bin\tgcmd.exe" /server
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe"
mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe"
mRun: [SpIDerNT] c:\progra~1\drweb\spiderui.exe /agent
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\correc~1.lnk - c:\program files\cconnect\CConnect.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\drweb\drwebsp.dll
Trusted Zone: chase.com\www
Trusted Zone: yahoo.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225036458253&h=f8740235bd15226d2969700e5cd1f34e/&filename=jinstall-6u10-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2009-8-2 101496]
R0 si3114;si3114;c:\windows\system32\drivers\si3114.sys [2006-6-30 54872]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2006-6-30 10112]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-10-25 214024]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2009-1-21 886072]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-26 210216]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-10-25 359952]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-10-25 144704]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2008-11-7 25824]
S2 SPIDER;SpIDer Guard File System Monitor;c:\progra~1\drweb\spider.sys [2009-4-16 394184]
S2 SPIDERNT;SpIDer Guard for Windows;c:\progra~1\drweb\spidernt.exe [2009-4-16 251144]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-10-25 606736]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-10-25 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-10-25 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-10-25 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-10-25 40552]

=============== Created Last 30 ================

2009-08-08 22:54 --ds---- C:\ComboFix
2009-08-08 09:05 -cd-h--- c:\docume~1\alluse~1.win\applic~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-08-08 08:49 6,881,824 a------- c:\program files\SUPERAntiSpyware.exe
2009-08-08 08:30 4,365,033 a------- c:\program files\SASDEFINITIONS.EXE
2009-08-08 08:28 --d----- c:\program files\common files\Wise Installation Wizard
2009-08-07 16:01 a-dshr-- C:\autorun.inf
2009-08-07 04:36 --d----- c:\program files\Trend Micro
2009-08-06 14:54 -cd----- c:\windows\system32\dllcache\cache
2009-08-06 14:46 a-dshr-- C:\cmdcons
2009-08-06 13:52 --d----- c:\program files\Spybot - Search & Destroy
2009-08-06 13:52 --d----- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2009-08-06 13:38 0 a------- C:\__tmp_rar_sfx_access_check_396937
2009-08-06 08:48 216,064 a------- c:\windows\PEV.exe
2009-08-06 08:48 161,792 a------- c:\windows\SWREG.exe
2009-08-06 08:48 98,816 a------- c:\windows\sed.exe
2009-08-06 08:22 --d----- c:\docume~1\moniec~1.mon\applic~1\Malwarebytes
2009-08-06 08:22 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 08:22 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-06 08:22 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-06 08:22 --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-08-05 11:02 0 a------- c:\windows\system32\10.tmp
2009-08-03 16:42 664 a------- c:\windows\system32\d3d9caps.dat
2009-08-02 14:27 --d----- c:\documents and settings\moniec rudd.moniec-a16fa513\DoctorWeb
2009-08-02 14:27 101,496 a------- c:\windows\system32\drivers\dwprot.sys
2009-08-02 14:26 --d----- c:\program files\common files\Doctor Web
2009-08-02 14:26 --d----- c:\docume~1\alluse~1.win\applic~1\Doctor Web
2009-08-02 14:26 --d----- c:\program files\DrWeb
2009-08-02 12:37 --d----- c:\docume~1\moniec~1.mon\applic~1\Uniblue
2009-08-02 10:46 --d----- c:\windows\pss
2009-07-29 09:45 --d----- c:\docume~1\alluse~1.win\applic~1\MemeoCommon
2009-07-29 09:43 --d----- c:\docume~1\moniec~1.mon\applic~1\Memeo
2009-07-29 09:25 --d----- c:\program files\iPod
2009-07-29 09:23 --d----- c:\program files\iTunes
2009-07-28 08:22 --d----- c:\docume~1\moniec~1.mon\applic~1\cmw
2009-07-27 15:59 --d----- c:\program files\Picasa2
2009-07-27 15:27 --d----- c:\program files\Western Digital
2009-07-27 15:03 --d----- c:\program files\common files\eSellerate
2009-07-27 15:02 --d----- c:\program files\Memeo
2009-07-27 14:34 --d----- c:\program files\Western Digital Corporation

==================== Find3M ====================

2009-08-04 17:32 19,664,395 a------- c:\program files\PROCESSLIST.DB
2009-08-04 17:32 1,214,114 a------- c:\program files\PROCESSLISTRELATED.DB
2009-07-29 16:56 8,192 a--sh--- c:\program files\Thumbs.db
2009-06-16 07:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-20 19:04 203,776 a------- c:\windows\system32\clrviddc.dll
2009-05-20 19:00 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-23 09:15 256 ac------ c:\documents and settings\moniec rudd.moniec-a16fa513\pool.bin

============= FINISH: 8:53:32.32 ===============