DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.7.0_25
Run by Katelynn at 20:12:08 on 2013-07-30
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1045 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Katelynn\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\lxcrcoms.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.earthlink.net
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080319
uURLSearchHooks: SrchHook Class: {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - c:\program files\earthlink totalaccess\ElnIE.dll
uURLSearchHooks: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} -
uURLSearchHooks: ~bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} -
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} -
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\users\katelynn\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\katelynn\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{338504BF-2DBC-4910-850A-E3878896A4E2} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} -
Notify: igfxcui - igfxdev.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\katelynn\appdata\roaming\mozilla\firefox\profiles\vhqdna17.default-1374786632157\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-28 19:59; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-28 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-28 175176]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-28 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-28 369584]
R1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\drivers\sct_skmscan.sys [2012-10-12 33096]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-3-18 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-28 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-28 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-28 46808]
R2 EarthLinkMonitor;EarthLink Monitor Service;c:\program files\earthlink totalaccess\wengine\wmonitor.exe [2005-1-26 65604]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-3-18 111616]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-6-28 106280]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-28 30312]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\BW2NDIS5.SYS [2004-11-1 17536]
S3 GTUHSBUS;GT UHS BUS;c:\windows\system32\drivers\gtuhsbus.sys [2009-3-20 58880]
S3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\drivers\gtuhs51.sys [2009-3-20 106112]
S3 GTUHSOMS;GT UHS OMS;c:\windows\system32\drivers\gtuhsoms.sys [2009-3-20 18816]
S3 GTUHSSER;GT UHS SER;c:\windows\system32\drivers\gtuhsser.sys [2009-3-20 8064]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-26 40776]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-1-20 21504]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-28 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-28 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-28 121576]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 utuyntu3;AVZ Kernel Driver;c:\windows\system32\drivers\utuyntu3.sys [2013-4-8 7168]
S4 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-8-29 104000]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-30 21:14:49 7143960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{583a18a4-491f-4ab0-80b5-51ad78eec84e}\mpengine.dll
2013-07-29 20:45:07 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-29 20:45:07 -------- d-----w- c:\program files\kioskea.exe
2013-07-29 20:34:34 7143960 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-29 20:27:04 15616 ----a-w- c:\windows\system32\TrueSight.sys
2013-07-29 00:00:08 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-29 00:00:08 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-29 00:00:07 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-07-29 00:00:05 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-07-28 23:59:07 41664 ----a-w- c:\windows\avastSS.scr
2013-07-28 20:33:20 167344 ----a-w- c:\windows\system32\mfevtps.exe.944e.deleteme
2013-07-28 20:32:48 -------- d-----w- C:\Stinger_Quarantine
2013-07-28 20:32:37 -------- d-----w- c:\program files\stinger
2013-07-27 02:46:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-27 00:50:52 -------- d-----w- C:\TDSSKiller_Quarantine
2013-07-26 22:36:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-26 21:47:16 -------- d-sh--w- C:\found.003
2013-07-25 21:33:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 22:11:12 -------- d-----w- c:\program files\common files\PACE Anti-Piracy
2013-07-21 22:06:10 -------- d-----w- c:\program files\InterLok
2013-07-18 21:13:25 698504 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e551f688-84f3-43f7-bdc0-98317d9eb195}\gapaengine.dll
2013-07-01 02:27:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-07-01 02:27:09 263576 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
.
==================== Find3M ====================
.
2013-07-25 21:33:14 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-25 21:33:14 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-25 21:26:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-25 21:26:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-30 11:17:16 346112 ----a-w- c:\windows\Heartbeat.dll
2013-06-30 11:17:10 84480 ----a-w- c:\windows\AppInitMonitor.dll
2013-06-03 21:14:12 173896 ----a-w- c:\windows\system32\cc_20130603_171403.reg
2013-05-10 01:51:50 7261768 ----a-w- c:\windows\system32\SpoonUninstall.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:13:02.32 ===============