Desktop Frequently Locks Up Malware Check

Hello. I was sent here from my previous thread http://www.techsupportforum.com/foru...ml#post4911298 to see if my PC desktop's constant freezing is from malware.

Here's DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Dashel R at 5:16:01 on 2014-02-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.285 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
dURLSearchHooks: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
TB: AIM Search: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - c:\program files\aim toolbar\AIMBar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: ITBarLayout - LocalServer32 - <no file>
TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - c:\program files\freecorder\tbFree.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
TB: AIM Search: {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - c:\program files\aim toolbar\AIMBar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FreshDownload Bar: {ED0E8CA5-42FB-4B18-997B-769E0408E79D} -
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
dRunOnce: [RunNarrator] Narrator.exe
mExplorerRun: [SysLogger32] rundll32.exe "c:\windows\security\syslogs\core32_176.dll",z
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {413D68F3-BF21-4E7B-ACA6-50C6394304BC} - c:\program files\freshdevices\freshdownload\fd.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - <orphaned>
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\\DownloadPDF.exe
LSP: c:\program files\speedbit video accelerator\sblsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1351444110390
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348869713890
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Name-Space Handler: HTTPS\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - <orphaned>
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\AppInitHook321.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dashel r\application data\mozilla\firefox\profiles\abg9ebcp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=2&CUI=UN21668833222002578&UM=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.autoDisableScopes, 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 193552]
R1 MpKslccd9acc2;MpKslccd9acc2;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8afe1b6b-4813-4bd0-9cba-87866f26e15e}\MpKslccd9acc2.sys [2014-2-21 39464]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2004-10-5 15872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys --> c:\windows\system32\drivers\anvsnddrv.sys [?]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys --> c:\windows\system32\drivers\cccp106.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-3-1 35144]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-18 40776]
S3 mfeavfk06;McAfee Inc.;\Device\mfeavfk06.sys --> \Device\mfeavfk06.sys [?]
S3 mfebopk26;McAfee Inc.;\Device\mfebopk26.sys --> \Device\mfebopk26.sys [?]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-2-6 133392]
S3 SBUpdd;SpeedBit UpdateD;\??\c:\program files\common files\speedbit\sbupdate\sbw.sys --> c:\program files\common files\speedbit\sbupdate\sbw.sys [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-3-7 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-3-7 25704]
S4 0096561348771546mcinstcleanup;McAfee Application Installer Cleanup (0096561348771546);c:\docume~1\dashel~1\locals~1\temp\009656~1.exe -cleanup -nolog --> c:\docume~1\dashel~1\locals~1\temp\009656~1.EXE -cleanup -nolog [?]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-5-4 25824]
S4 SBUpd;SpeedBit Update;c:\program files\common files\speedbit\sbupdate\sbu.exe /service --> c:\program files\common files\speedbit\sbupdate\sbu.exe [?]
S4 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WORDPAD.EXE="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: Documents.exe: open=c:\documents and settings\dashel r\my documents\downloads\PSXGameEdit.exe "%1"
.
=============== Created Last 30 ================
.
2014-02-21 22:00:37 39464 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8afe1b6b-4813-4bd0-9cba-87866f26e15e}\MpKslccd9acc2.sys
2014-02-21 19:43:59 -------- d-----w- c:\program files\Speccy
2014-02-21 15:04:56 62576 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8afe1b6b-4813-4bd0-9cba-87866f26e15e}\offreg.dll
2014-02-21 05:16:25 7947048 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8afe1b6b-4813-4bd0-9cba-87866f26e15e}\mpengine.dll
2014-02-20 01:55:10 -------- d-----w- c:\program files\iTunes
2014-02-20 01:55:10 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-20 01:50:44 -------- d-----w- c:\program files\Bonjour
2014-02-19 19:41:16 7947048 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-18 18:07:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-17 08:38:43 -------- dc-h--w- c:\windows\ie8
2014-02-16 07:18:15 -------- d-----w- c:\documents and settings\dashel r\application data\CrystalIdea Software
2014-02-15 06:02:02 93808 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2014-02-15 06:02:02 22776944 ----a-w- c:\program files\mozilla firefox\xul.dll
2014-02-15 06:02:00 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2014-02-15 06:00:57 194560 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2014-02-15 06:00:25 118896 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2014-02-15 06:00:24 647280 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2014-02-15 06:00:24 53360 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2014-02-15 06:00:23 3494512 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2014-02-15 06:00:23 307824 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2014-02-15 06:00:23 275568 ----a-w- c:\program files\mozilla firefox\firefox.exe
2014-02-15 06:00:22 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2014-02-15 06:00:22 117360 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2014-02-15 06:00:19 272496 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-02-15 06:00:17 75376 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2014-02-15 06:00:16 20080 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2014-02-11 20:51:40 -------- d-----w- C:\New Folder
2014-02-08 23:05:04 -------- d-----w- c:\documents and settings\dashel r\application data\asoftech
2014-02-01 00:17:58 -------- d-----w- c:\documents and settings\dashel r\local settings\application data\WinISO Computing
2014-01-28 21:13:28 -------- d-----w- c:\documents and settings\dashel r\local settings\application data\Corel
.
==================== Find3M ====================
.
2014-02-05 23:26:52 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26:37 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24:05 385024 ----a-w- c:\windows\system32\html.iec
2014-02-05 18:57:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 18:57:54 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-04 03:13:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26:06 1172992 ----a-w- c:\windows\system32\msxml3.dll
2013-12-04 23:00:15 39048 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2005-06-01 18:14:41 823296 -c--a-w- c:\program files\winmx353.exe
2005-05-20 09:16:07 4354084 -c--a-w- c:\program files\spybotsd13.exe
2005-05-20 09:04:26 37700 -c--a-w- c:\program files\PopUpStopperFree.exe
2005-05-12 21:47:20 3149616 -c--a-w- c:\program files\dap74.exe
2005-05-04 01:59:07 6179507 -c--a-w- c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08:33 7741336 -c--a-w- c:\program files\DivX521XP2K.exe
.
============= FINISH: 5:18:54.09 ===============

Attached Files
File Type: zip attach.zip (5.6 KB)
File Type: zip ark.zip (1.3 KB)
