DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Larry at 1:11:29 on 2012-11-21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3189.1939 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Hotkey\PowerBiosServer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://fuckinghomepage.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [fspuip] "c:\program files\fsp\fspuip.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AllShareAgent] c:\program files\samsung\allshare\AllShareAgent.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [AutoKMS] c:\windows\AutoKMS.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\users\larry\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hotkey.lnk - c:\program files\hotkey\Hotkey.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{20383603-C388-4C24-952B-DA7EA4E8A899} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{20383603-C388-4C24-952B-DA7EA4E8A899}\6796275737F53323F596E6374716C6C6E2568756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{20383603-C388-4C24-952B-DA7EA4E8A899}\F6A7C616E646 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{636A0099-463B-4654-9155-CB517106D536} : DHCPNameServer = 129.21.3.17 129.21.4.18
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\larry\appdata\roaming\mozilla\firefox\profiles\bbumgtl5.default\
FF - prefs.js: browser.startup.homepage - hxxp://fuckinghomepage.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z127&form=ZGAADF&install_date=20111201&q=
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\larry\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-10-17 16:23; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\logitech\setpointp\LogiSmoothFirefoxExt
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 9c9ad723-4f4f-4494-8307-0da719a65515
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2011-11-4 17320]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl9790f4ec;MpKsl9790f4ec;c:\programdata\microsoft\microsoft antimalware\definition updates\{fecbac20-1cde-497f-b840-031686e2d46e}\MpKsl9790f4ec.sys [2012-11-21 29904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-16 172032]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-20 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-20 676936]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272]
R2 PowerBiosServer;PowerBiosServer;c:\program files\hotkey\PowerBiosServer.exe [2009-11-23 31744]
R3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2011-11-4 42496]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-11-4 116136]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2012-9-18 43704]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2012-9-18 12216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-20 22856]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-11-4 6114816]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-11-4 167936]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-5 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-11-21 06:07:43 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fecbac20-1cde-497f-b840-031686e2d46e}\MpKsl9790f4ec.sys
2012-11-21 04:14:12 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-21 04:14:09 -------- d-----w- c:\users\larry\appdata\local\temp
2012-11-21 03:59:59 98816 ----a-w- c:\windows\sed.exe
2012-11-21 03:59:59 256000 ----a-w- c:\windows\PEV.exe
2012-11-21 03:59:59 208896 ----a-w- c:\windows\MBR.exe
2012-11-20 23:19:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 23:19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-20 21:52:50 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fecbac20-1cde-497f-b840-031686e2d46e}\mpengine.dll
2012-11-19 12:44:43 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-16 08:03:12 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 08:03:12 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 08:03:12 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 08:02:41 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 08:02:40 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 08:02:38 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 08:02:38 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 08:02:37 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 08:02:36 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 08:02:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 23:29:43 -------- d-----w- c:\users\larry\appdata\roaming\MiKTeX
2012-11-15 23:26:49 -------- d-----w- c:\users\larry\appdata\local\MiKTeX
2012-11-15 23:24:49 -------- d-----w- c:\programdata\MiKTeX
2012-11-15 23:22:25 -------- d-----w- c:\program files\MiKTeX 2.9
2012-11-15 14:10:49 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 14:10:46 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-01 16:14:02 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-01 16:12:50 -------- d-----w- c:\program files\iPod
2012-11-01 16:12:47 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M ====================
.
2012-11-20 22:10:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-16 21:13:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-16 21:13:44 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-25 03:39:44 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-18 09:33:00 55096 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2012-09-18 09:33:00 43960 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2012-09-18 09:33:00 39608 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2012-09-18 09:33:00 1583928 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2012-09-18 09:32:56 43704 ----a-w- c:\windows\system32\drivers\LEqdUsb.sys
2012-09-18 09:32:56 12216 ----a-w- c:\windows\system32\drivers\LHidEqd.sys
2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-10 23:07:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-10 23:07:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-10 23:07:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 17:21:56 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 02:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 17:18:33 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 17:10:47 172544 ----a-w- c:\windows\system32\wintrust.dll
.
============= FINISH: 1:13:02.68 ===============