DDS.txt (attached as well):
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Larry at 1:11:29 on 2012-11-21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3189.1939 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Hotkey\PowerBiosServer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Hotkey\Hotkey.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://[bleep]inghomepage.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [fspuip] "c:\program files\fsp\fspuip.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AllShareAgent] c:\program files\samsung\allshare\AllShareAgent.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [AutoKMS] c:\windows\AutoKMS.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\users\larry\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\common files\logishrd\ereg\setpoint\eReg.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hotkey.lnk - c:\program files\hotkey\Hotkey.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{20383603-C388-4C24-952B-DA7EA4E8A899} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{20383603-C388-4C24-952B-DA7EA4E8A899}\6796275737F53323F596E6374716C6C6E2568756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{20383603-C388-4C24-952B-DA7EA4E8A899}\F6A7C616E646 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{636A0099-463B-4654-9155-CB517106D536} : DHCPNameServer = 129.21.3.17 129.21.4.18
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\larry\appdata\roaming\mozilla\firefox\profiles\bbumgtl5.default\
FF - prefs.js: browser.startup.homepage - hxxp://[bleep]inghomepage.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z127&form=ZGAADF&install_date=20111201&q=
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\larry\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-10-17 16:23; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\logitech\setpointp\LogiSmoothFirefoxExt
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 9c9ad723-4f4f-4494-8307-0da719a65515
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys [2011-11-4 17320]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl9790f4ec;MpKsl9790f4ec;c:\programdata\microsoft\microsoft antimalware\definition updates\{fecbac20-1cde-497f-b840-031686e2d46e}\MpKsl9790f4ec.sys [2012-11-21 29904]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-16 172032]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-20 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-20 676936]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272]
R2 PowerBiosServer;PowerBiosServer;c:\program files\hotkey\PowerBiosServer.exe [2009-11-23 31744]
R3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\drivers\fspad_wlh32.sys [2011-11-4 42496]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-11-4 116136]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2012-9-18 43704]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2012-9-18 12216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-20 22856]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-11-4 6114816]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-11-4 167936]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-5 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-11-21 06:07:43 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fecbac20-1cde-497f-b840-031686e2d46e}\MpKsl9790f4ec.sys
2012-11-21 04:14:12 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-21 04:14:09 -------- d-----w- c:\users\larry\appdata\local\temp
2012-11-21 03:59:59 98816 ----a-w- c:\windows\sed.exe
2012-11-21 03:59:59 256000 ----a-w- c:\windows\PEV.exe
2012-11-21 03:59:59 208896 ----a-w- c:\windows\MBR.exe
2012-11-20 23:19:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 23:19:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-20 21:52:50 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fecbac20-1cde-497f-b840-031686e2d46e}\mpengine.dll
2012-11-19 12:44:43 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-16 08:03:12 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 08:03:12 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 08:03:12 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 08:02:41 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 08:02:40 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 08:02:38 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 08:02:38 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 08:02:37 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 08:02:36 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 08:02:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 23:29:43 -------- d-----w- c:\users\larry\appdata\roaming\MiKTeX
2012-11-15 23:26:49 -------- d-----w- c:\users\larry\appdata\local\MiKTeX
2012-11-15 23:24:49 -------- d-----w- c:\programdata\MiKTeX
2012-11-15 23:22:25 -------- d-----w- c:\program files\MiKTeX 2.9
2012-11-15 14:10:49 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 14:10:46 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-01 16:14:02 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-01 16:12:50 -------- d-----w- c:\program files\iPod
2012-11-01 16:12:47 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
==================== Find3M ====================
.
2012-11-20 22:10:23 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-11-16 21:13:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-16 21:13:44 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-25 03:39:44 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-18 09:33:00 55096 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2012-09-18 09:33:00 43960 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2012-09-18 09:33:00 39608 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2012-09-18 09:33:00 1583928 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2012-09-18 09:32:56 43704 ----a-w- c:\windows\system32\drivers\LEqdUsb.sys
2012-09-18 09:32:56 12216 ----a-w- c:\windows\system32\drivers\LHidEqd.sys
2012-09-14 18:30:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-10 23:07:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-10 23:07:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-10 23:07:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 17:21:56 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 02:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 17:18:33 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 17:10:47 172544 ----a-w- c:\windows\system32\wintrust.dll
.
============= FINISH: 1:13:02.68 ===============