Hi there,
I just ran my Spybot program and it found Win32.downloader.gen. After it ran, I checked the fix problems button. It showed that it fixed it, but I want to make sure. I have run the gmer and dds programs and will attach them for you. My computer has been running slow also.
Thank you in advance for any help.
Gerry
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Gerry at 20:43:35 on 2013-08-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.855 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: MixiDJ V30 Toolbar: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - c:\program files\mixidj_v30\prxtbMixi.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MixiDJ V30 Toolbar: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - c:\program files\mixidj_v30\prxtbMixi.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: EWPBrowseObject Class: {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\18.7.1.3\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: MixiDJ V30 Toolbar: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - c:\program files\mixidj_v30\prxtbMixi.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [SpybotDeletingB9447] command.com /c del "c:\documents and settings\gerry\local settings\temp\ToolbarHelper.exe"
uRunOnce: [SpybotDeletingD3690] cmd.exe /c del "c:\documents and settings\gerry\local settings\temp\ToolbarHelper.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [SpybotDeletingA4917] command.com /c del "c:\documents and settings\gerry\local settings\temp\ToolbarHelper.exe"
mRunOnce: [SpybotDeletingC6248] cmd.exe /c del "c:\documents and settings\gerry\local settings\temp\ToolbarHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341964899906
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} - hxxps://care.windstream.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxps://care.windstream.com/lwp/static/installers/ALLTELControls.cab
TCP: NameServer = 192.168.254.254 192.168.1.1
TCP: Interfaces\{18E49E81-5F1A-4E1C-949A-B59A65CAF72C} : DHCPNameServer = 192.168.254.254 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 Spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gerry\application data\mozilla\firefox\profiles\03qrfe5i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN36750579811403952&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/weather/today/North+Ridgeville+OH+44039:4:US
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN36750579811403952&UM=2&q=
FF - plugin: c:\docume~1\gerry\applic~1\catali~2\npBcsKtTcHW.dll
FF - plugin: c:\documents and settings\gerry\application data\mozilla\firefox\profiles\03qrfe5i.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-08-09 20:42; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\documents and settings\gerry\application data\mozilla\firefox\profiles\03qrfe5i.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1207010.003\symds.sys [2012-4-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1207010.003\symefa.sys [2012-4-3 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1207010.003\ironx86.sys [2012-4-3 136312]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-20 266240]
R2 NAV;Norton AntiVirus.;c:\program files\norton antivirus\engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-15 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20130814.002\IDSXpx86.sys [2013-8-13 380832]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20130818.004\NAVENG.SYS [2013-8-18 93272]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20130818.004\NAVEX15.SYS [2013-8-18 1611992]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008000.029\cchpx86.sys --> c:\windows\system32\drivers\nav\1008000.029\ccHPx86.sys [?]
S1 MpKsl18f9b935;MpKsl18f9b935;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0249fe91-3df2-438e-b52e-8dff1e69f19b}\mpksl18f9b935.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0249fe91-3df2-438e-b52e-8dff1e69f19b}\MpKsl18f9b935.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Norton AntiVirus;Norton AntiVirus;"c:\program files\norton antivirus\norton antivirus\engine\16.8.0.41\ccsvchst.exe" /s "norton antivirus" /m "c:\program files\norton antivirus\norton antivirus\engine\16.8.0.41\dimaster.dll" /prefetch:1 --> c:\program files\norton antivirus\norton antivirus\engine\16.8.0.41\ccSvcHst.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-08-19 00:25:35 54016 ----a-w- c:\windows\system32\drivers\qcqaqdm.sys
2013-08-10 00:43:11 -------- d-----w- c:\program files\Conduit
2013-08-10 00:43:07 -------- d-----w- c:\documents and settings\gerry\local settings\application data\MixiDJ_V30
2013-08-10 00:43:05 -------- d-----w- c:\program files\MixiDJ_V30
2013-08-10 00:42:37 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-08-10 00:42:37 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-08-03 12:38:31 2162416 ----a-w- c:\documents and settings\gerry\local settings\application data\BcsKtYcHW.dll
2013-08-03 12:38:27 45056 ----a-r- c:\documents and settings\gerry\application data\microsoft\installer\{37331c16-3e97-4a20-80d8-bfb43ab0e2fb}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe
2013-08-03 12:38:27 45056 ----a-r- c:\documents and settings\gerry\application data\microsoft\installer\{37331c16-3e97-4a20-80d8-bfb43ab0e2fb}\ARPPRODUCTICON.exe
2013-08-03 12:38:25 -------- d-----w- c:\documents and settings\gerry\application data\Catalina Print Savings
.
==================== Find3M ====================
.
2013-07-27 21:17:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-27 21:17:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 01:48:23 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-13 01:48:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 01:48:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-13 01:35:55 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-05 13:04:17 465280 ----a-r- c:\windows\system32\cpnprt2win32.cid
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 20:44:20.82 ===============