DDS (Ver_09-07-30.01) - NTFSx86
Run by Ohso at 3:17:00.95 on Mon 09/07/2009
Internet Explorer: 6.0.2900.5512
AV: avast! antivirus 4.8.1351 [VPS 090906-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uLocal Page =
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mLocal Page =
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "h:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] h:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CanonSolutionMenu] h:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] h:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "h:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "h:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [QuickTime Task]
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "h:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HotKeysCmds] h:\windows\system32\hkcmd.exe
mRun: [Persistence] h:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] h:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "h:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NBKeyScan]
mRun: [Adobe Reader Speed Launcher] "h:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] h:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [00PCTFW] "h:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [NetStat Live] h:\program files\analogx\netstat live\nsl.exe
mRun: [avast!] h:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [DWQueuedReporting] "h:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - h:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save YouTube Video - h:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - h:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - h:\program files\yahoo!\common\Yinsthelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - h:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - h:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - h:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - h:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\ohso\applic~1\mozilla\firefox\profiles\9gpfdfz3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: h:\documents and settings\ohso\application data\mozilla\firefox\profiles\9gpfdfz3.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: h:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll

---- FIREFOX POLICIES ----
h:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
h:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
h:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
h:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

============== File Associations ===============

chm.file=*** no open command defined ***

=============== Created Last 30 ================

2009-09-06 18:59 7,396 a------- h:\windows\system32\drivers\pctcore.cat
2009-09-06 18:44 579,072 a------- h:\windows\svchust.exe
2009-09-06 18:39 10,562 a------- h:\windows\is-8MS0M.msg
2009-09-06 18:39 294 a------- h:\windows\is-8MS0M.lst
2009-09-06 18:06 430,080 a------- h:\windows\isvchost.exe
2009-09-06 13:01 101 a------- H:\Underground Affiliate Secrets.url
2009-09-06 12:57