DDS (Ver_09-07-30.01) - NTFSx86
Run by Ohso at 3:17:00.95 on Mon 09/07/2009
Internet Explorer: 6.0.2900.5512
AV: avast! antivirus 4.8.1351 [VPS 090906-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uLocal Page =
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mLocal Page =
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "h:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] h:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CanonSolutionMenu] h:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] h:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "h:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "h:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [QuickTime Task]
mRun: [iTunesHelper] "h:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "h:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HotKeysCmds] h:\windows\system32\hkcmd.exe
mRun: [Persistence] h:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SoundMAXPnP] h:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "h:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NBKeyScan]
mRun: [Adobe Reader Speed Launcher] "h:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] h:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [00PCTFW] "h:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [NetStat Live] h:\program files\analogx\netstat live\nsl.exe
mRun: [avast!] h:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [DWQueuedReporting] "h:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: h:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - h:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save YouTube Video - h:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - h:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - h:\program files\yahoo!\common\Yinsthelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - h:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - h:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - h:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - h:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\ohso\applic~1\mozilla\firefox\profiles\9gpfdfz3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: h:\documents and settings\ohso\application data\mozilla\firefox\profiles\9gpfdfz3.default\extensions\{fcab6fdd-5585-425b-95c1-5ed856f3fd08}\components\nsCatcher.dll
FF - component: h:\program files\common files\dvdvideosoft\dll\ffcontextmenuy\components\FFContextMenu.dll

---- FIREFOX POLICIES ----
h:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
h:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
h:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
h:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

============== File Associations ===============

chm.file=*** no open command defined ***

=============== Created Last 30 ================

2009-09-06 18:59 7,396 a------- h:\windows\system32\drivers\pctcore.cat
2009-09-06 18:44 579,072 a------- h:\windows\svchust.exe
2009-09-06 18:39 10,562 a------- h:\windows\is-8MS0M.msg
2009-09-06 18:39 294 a------- h:\windows\is-8MS0M.lst
2009-09-06 18:06 430,080 a------- h:\windows\isvchost.exe
2009-09-06 13:01 101 a------- H:\Underground Affiliate Secrets.url
2009-09-06 12:57 --d----- h:\docume~1\ohso\applic~1\DriverCure
2009-09-06 12:56 --d----- h:\docume~1\alluse~1\applic~1\ParetoLogic
2009-09-06 12:56 --d----- h:\docume~1\alluse~1\applic~1\DriverCure
2009-09-06 12:48 --d----- h:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-09-06 12:12 --d----- H:\burncdcc
2009-09-05 15:26 --d----- h:\windows\system32\scripting
2009-09-05 15:26 --d----- h:\windows\l2schemas
2009-09-05 15:26 --d----- h:\windows\system32\en
2009-09-05 15:26 --d----- h:\windows\system32\bits
2009-09-05 15:21 --d----- h:\windows\network diagnostic
2009-09-05 13:10 --d----- h:\program files\SourceTec
2009-09-04 09:42 --d----- h:\program files\WinPcap
2009-09-04 09:40 --d----- h:\program files\WMR11
2009-09-02 15:37 --d----- h:\program files\DVDVideoSoft
2009-09-02 15:37 --d----- h:\program files\common files\DVDVideoSoft
2009-08-30 20:15 18,015,723 a------- h:\docume~1\alluse~1\applic~1\vlc-1.0.1-win32.exe
2009-08-30 13:52 --d----- h:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-08-30 13:52 --d----- h:\program files\SUPERAntiSpyware
2009-08-30 13:52 --d----- h:\docume~1\ohso\applic~1\SUPERAntiSpyware.com
2009-08-30 13:51 --d----- h:\program files\common files\Wise Installation Wizard
2009-08-30 01:00 --d----- h:\windows\system32\KB905474
2009-08-29 14:30 --d----- H:\slsk incoming files
2009-08-29 14:29 --d----- H:\slsk shared music
2009-08-29 14:01 --d----- h:\docume~1\alluse~1\applic~1\Soulseek
2009-08-29 14:00 --d----- h:\program files\SoulseekNS
2009-08-29 04:08 701,440 -------- h:\windows\system32\drivers\ati2mtag.sys
2009-08-29 01:02 --d----- h:\windows\ServicePackFiles
2009-08-29 01:01 --d----- h:\program files\MSXML 4.0
2009-08-28 18:54 --d----- h:\program files\DivX
2009-08-28 18:54 --d----- h:\program files\common files\DivX Shared
2009-08-28 18:25 --d----- h:\docume~1\ohso\applic~1\uTorrent
2009-08-28 17:06 --d----- h:\program files\AnalogX
2009-08-28 16:43 --d----- h:\program files\BandwidthMonitor
2009-08-28 12:32 455,296 -c------ h:\windows\system32\dllcache\mrxsmb.sys
2009-08-28 12:32 333,952 -c------ h:\windows\system32\dllcache\srv.sys
2009-08-28 12:32 1,315,328 -c------ h:\windows\system32\dllcache\msoe.dll
2009-08-28 12:32 691,712 -c------ h:\windows\system32\dllcache\inetcomm.dll
2009-08-28 12:30 203,136 -c------ h:\windows\system32\dllcache\rmcast.sys
2009-08-28 12:30 337,408 -c------ h:\windows\system32\dllcache\netapi32.dll
2009-08-28 12:29 236,032 -c------ h:\windows\system32\dllcache\wordpad.exe
2009-08-28 12:29 2,560 -------- h:\windows\system32\xpsp4res.dll
2009-08-28 12:29 1,847,168 -c------ h:\windows\system32\dllcache\win32k.sys
2009-08-28 12:28 --d----- h:\windows\system32\PreInstall
2009-08-28 12:28 --d-h--- h:\windows\$hf_mig$
2009-08-28 11:26 --d----- h:\docume~1\ohso\applic~1\Auslogics
2009-08-28 11:19 --d----- h:\windows\system32\SoftwareDistribution
2009-08-28 10:46 --d----- h:\docume~1\ohso\applic~1\PCToolsFirewallPlus
2009-08-28 10:43 --d----- h:\windows\setup.pss
2009-08-28 09:45 --d----- h:\program files\VS Revo Group
2009-08-28 09:43 --d----- h:\docume~1\ohso\applic~1\Malwarebytes
2009-08-28 09:43 38,160 a------- h:\windows\system32\drivers\mbamswissarmy.sys
2009-08-28 09:43 --d----- h:\docume~1\alluse~1\applic~1\Malwarebytes
2009-08-28 09:43 19,096 a------- h:\windows\system32\drivers\mbam.sys
2009-08-28 09:43 --d----- h:\program files\Malwarebytes' Anti-Malware
2009-08-28 09:42 --d----- h:\program files\Trend Micro
2009-08-28 09:42 115,920 a------- h:\windows\system32\MSINET.OCX
2009-08-28 09:42 --d----- h:\program files\EULAlyzer
2009-08-28 09:41 --d----- h:\program files\DAMN NFO Viewer
2009-08-28 09:40 --d----- h:\program files\CCleaner
2009-08-28 09:40 --d----- h:\program files\Auslogics
2009-08-28 09:39 206,256 a------- h:\windows\system32\drivers\PCTCore.sys
2009-08-28 09:39 73,840 a------- h:\windows\system32\drivers\PCTAppEvent.sys
2009-08-28 09:39 159,600 a------- h:\windows\system32\drivers\pctgntdi.sys
2009-08-28 09:39 97,408 a------- h:\windows\system32\drivers\pctfw.sys
2009-08-28 09:39 --d----- h:\program files\common files\PC Tools
2009-08-28 09:39 95,640 a------- h:\windows\system32\drivers\pctplfw.sys
2009-08-28 09:39 --d----- h:\program files\PC Tools Firewall Plus
2009-08-28 09:32 --d----- h:\program files\AVG
2009-08-28 09:32 --d----- h:\docume~1\alluse~1\applic~1\avg8
2009-08-28 07:50 --d----- h:\program files\Yahoo!
2009-08-28 07:50 --d----- h:\program files\common files\Motive
2009-08-28 07:50 --d----- h:\program files\ATT

==================== Find3M ====================

2009-09-06 14:53 216,925 a------- h:\windows\system32\msdtc.exe
2009-09-05 15:30 86,327 a------- h:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-05 02:01 204,800 a------- h:\windows\system32\mswebdvd.dll
2009-07-28 21:37 119,808 a------- h:\windows\system32\t2embed.dll
2009-07-28 21:37 81,920 a------- h:\windows\system32\fontsub.dll
2009-07-17 12:01 58,880 a------- h:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- h:\windows\system32\wmpdxm.dll
2009-06-26 09:50 666,624 a------- h:\windows\system32\wininet.dll
2009-06-26 09:50 81,920 a------- h:\windows\system32\ieencode.dll
2009-06-25 11:36 661,504 a------- h:\windows\system32\mqqm.dll
2009-06-25 11:36 517,120 a------- h:\windows\system32\mqsnap.dll
2009-06-25 11:36 471,552 a------- h:\windows\system32\mqutil.dll
2009-06-25 11:36 225,280 a------- h:\windows\system32\mqoa.dll
2009-06-25 11:36 186,880 a------- h:\windows\system32\mqtrig.dll
2009-06-25 11:36 177,152 a------- h:\windows\system32\mqrt.dll
2009-06-25 11:36 138,240 a------- h:\windows\system32\mqad.dll
2009-06-25 11:36 123,392 a------- h:\windows\system32\mqrtdep.dll
2009-06-25 11:36 95,744 a------- h:\windows\system32\mqsec.dll
2009-06-25 11:36 48,640 a------- h:\windows\system32\mqupgrd.dll
2009-06-25 11:36 47,104 a------- h:\windows\system32\mqdscli.dll
2009-06-25 11:36 16,896 a------- h:\windows\system32\mqise.dll
2009-06-25 01:25 730,112 a------- h:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- h:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- h:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- h:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- h:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- h:\windows\system32\wdigest.dll
2009-06-22 04:49 137,728 a------- h:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 25,088 a------- h:\windows\system32\mqsvc.exe
2009-06-12 05:31 101,376 a------- h:\windows\system32\tlntsess.exe
2009-06-12 05:31 96,768 a------- h:\windows\system32\telnet.exe
2009-06-10 09:19 2,066,432 a------- h:\windows\system32\mstscax.dll
2009-06-10 07:13 84,992 a------- h:\windows\system32\avifil32.dll
2009-06-09 23:14 132,096 a------- h:\windows\system32\wkssvc.dll
2008-12-20 15:19 87,608 ac------ h:\docume~1\ohso\applic~1\inst.exe
2008-12-20 15:19 47,360 ac------ h:\docume~1\ohso\applic~1\pcouffin.sys

============= FINISH: 3:17:16.96 ===============