Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Homepage Hijacked, Help Needed Please!

Hello, A few days ago my homepage started appearing as westernunion .com; I never visit that site. I've tried many times to change the homepage, but every time I restart Firefox or Internet Explorer it becomes my homepage again. I've looked all over for solutions but nothing worked. I ran a full Malwarebytes scan; it found a few things, which I removed, then I did a full Microsoft Security Essentials scan and that found nothing. Still no luck, any help would be greatly appreciated. I'm running out of hair to pull out. haha


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Chris at 5:00:24 on 2013-01-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2280 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe
C:\Program Files\EaseUS\EaseUS Partition Master 9.1.1 Home Edition\bin\EpmNews.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://westernunion.com
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Daofuzdep] "c:\documents and settings\chris\application data\zooni\arusv.exe"
mRun: [StartCCC] "c:\program files\ati\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [librtexec] javaw -jar "c:\program files\java\jre6\lib\librtexec.jar"
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PowerDVD12DMREngine] "c:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "c:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [EaseUS EPM tray] c:\program files\easeus\easeus partition master 9.1.1 home edition\bin\EpmNews.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\chris\application data\leadertech\powerregister\Seagate NA41GRNT Product Registration.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - <no file>
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{08DCADFC-5C88-4CA8-8ACF-9057DF38ECE1} : DHCPNameServer = 208.180.42.68 208.180.42.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 119.42.146.34 www.warez-bb.org
Hosts: 119.42.146.36 www.warez-bb.org
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\whz27ecy.default\
FF - prefs.js: browser.startup.homepage - hxxp://westernunion.com
FF - component: c:\documents and settings\chris\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-12-02 21:30; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\documents and settings\chris\application data\mozilla\firefox\profiles\whz27ecy.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: !HIDDEN! 2011-02-23 03:42; mozilla_cc@internetdownloadmanager.com; c:\documents and settings\chris\application data\idm\idmmzcc3
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://westernunion.com
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/06/11 00:00:07];c:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-1-11 87536]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2012-6-10 87336]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-11 21992]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2012-6-10 75048]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2012-6-10 296232]
R2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2012-6-10 120432]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2011-6-14 14976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-1-25 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-1-25 1369624]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2012-9-12 28256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-7 22856]
R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006]
S0 huhrl;huhrl;c:\windows\system32\drivers\pmhxj.sys --> c:\windows\system32\drivers\pmhxj.sys [?]
S1 ArcSec;archlp;c:\windows\system32\drivers\arcsec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S2 6077757b;6077757b;\??\c:\windows\system32\drivers\regi.sys --> c:\windows\system32\drivers\regi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-7 399432]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-7 676936]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-1-25 168384]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2012-9-12 28256]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-5 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-5 8456]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2011-2-11 97112]
S3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\drivers\nanmp50.sys --> c:\windows\system32\drivers\NANMp50.sys [?]
S3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nansp50.sys --> c:\windows\system32\drivers\NANSp50.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-7-27 34064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== Created Last 30 ================
.
2013-01-25 10:13:18 388096 ----a-r- c:\documents and settings\chris\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-01-25 10:13:17 -------- d-----w- c:\program files\Trend Micro
2013-01-25 07:39:00 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2013-01-25 07:38:50 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-01-25 07:38:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-01-25 06:04:20 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-01-25 06:04:20 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-25 06:01:27 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-20 21:27:03 -------- d-----w- c:\documents and settings\chris\application data\Zooni
2013-01-20 21:27:03 -------- d-----w- c:\documents and settings\chris\application data\Bynow
2013-01-20 21:27:03 -------- d-----w- c:\documents and settings\chris\application data\Buih
2013-01-19 20:03:17 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{234c462b-b706-4a33-ba3b-9a132fcfd1fd}\mpengine.dll
2013-01-18 18:38:11 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-16 03:47:56 -------- d-----w- C:\Poison Ivy.The New Seduction.[1997].[Unrated].BRRip.720p.x264 Dual Audio [Hindi+English].by K@rtik [ExD Exclusive]
2013-01-13 02:14:53 -------- d-----w- c:\program files\Xilisoft
2013-01-13 02:14:53 -------- d-----w- c:\documents and settings\all users\application data\Xilisoft
2013-01-12 16:59:26 37888 ----a-w- c:\documents and settings\chris\application data\microsoft\xlsget32.dll
2013-01-05 18:43:50 12800 ----a-w- c:\documents and settings\chris\application data\microsoft\dllloader.dll
2013-01-05 08:03:19 -------- d-----w- C:\Role.Models[2008][Unrated.Edition]DvDrip-aXXo
2013-01-02 23:39:07 -------- d-----w- c:\program files\Firestorm-Release
2012-12-28 19:54:46 -------- d-----w- c:\program files\Microsoft Security Client
.
==================== Find3M ====================
.
2012-12-18 03:37:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-18 03:37:20 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-18 19:23:24 464024 ----a-r- c:\windows\system32\cpnprt2win32.cid
2012-07-12 08:28:44 2174976 ----a-w- c:\program files\common files\atimpenc.dll
.
============= FINISH: 5:01:04.15 ===============

Attached Files
File Type: txt dds.txt (14.8 KB)
File Type: txt attach.txt (25.2 KB)
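Reading the DDS log in the post above, the entries that explain the symptom are the ones the two scans left alone. The FIREFOX POLICIES section lists browser.startup.homepage in user.js as well as in prefs.js. Firefox reads user.js at every startup and copies its values over prefs.js, so a homepage changed through the browser UI is overwritten on the next launch, which is exactly the "comes back after restart" behaviour described; the same user.js also switches off the mixed-content and insecure-submit warnings and sets network.cookie.cookieBehavior to 0. In the Pseudo HJT section, the uRun value Daofuzdep starts arusv.exe from a Zooni folder under the user's Application Data, and the Created Last 30 section shows Zooni, Bynow and Buih all created on 2013-01-20, a few days before the post, with two further DLLs (dllloader.dll, xlsget32.dll) dropped under application data\microsoft in the same month. Several SERVICES / DRIVERS entries end in "--> path [?]", which is DDS's notation for a registered service or driver whose image file it could not find on disk. The hosts file redirects www.warez-bb.org to two non-loopback addresses and points mpa.one.microsoft.com at 127.0.0.1.

The script below is an added triage example, not code from the thread, from DDS or from the forum's helpers. It parses the DDS line formats quoted above and reports those four indicator classes. The sample lines embedded in it are a constructed subset copied from the log in the post; the user-writable-directory heuristic and the list of preferences treated as worth reporting are my assumptions, not DDS rules.

```python
"""Added example: triage a DDS-format log for browser-hijack indicators.

Not the forum's or DDS's code. Parses the 'Pseudo HJT', FIREFOX and
SERVICES/DRIVERS line formats seen in the thread; the heuristics are assumptions.
"""
import re

# Constructed sample: a subset of lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
uStart Page = hxxp://westernunion.com
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Daofuzdep] "c:\documents and settings\chris\application data\zooni\arusv.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 119.42.146.34 www.warez-bb.org
FF - prefs.js: browser.startup.homepage - hxxp://westernunion.com
FF - user.js: browser.startup.homepage - hxxp://westernunion.com
FF - user.js: security.warn_submit_insecure - false
FF - user.js: network.cookie.cookieBehavior - 0
S0 huhrl;huhrl;c:\windows\system32\drivers\pmhxj.sys --> c:\windows\system32\drivers\pmhxj.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-7 676936]
"""

RUN_RE = re.compile(r'^[umd]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
HOSTS_RE = re.compile(r'^Hosts: (?P<ip>\S+) (?P<host>\S+)')
USERJS_RE = re.compile(r'^FF - user\.js: (?P<pref>\S+) - (?P<value>.*)$')
# DDS prints "--> path [?]" when the service's image file is not on disk.
ORPHAN_RE = re.compile(r'^[RS][0-4] (?P<svc>[^;]+);.*--> .*\[\?\]\s*$')

# Assumption: persistence whose image lives in a user-writable directory is the
# profile of a user-mode hijacker that needed no admin rights to install.
USER_WRITABLE = ('\\application data\\', '\\local settings\\', '\\temp\\')
LOOPBACK = {'127.0.0.1', '0.0.0.0', '::1'}
# Assumption: user.js prefs whose presence alone is worth reporting.
WATCHED_PREFS = ('browser.startup.', 'security.warn_', 'network.cookie.cookieBehavior')


def image_path(cmd):
    """Executable path from a Run value, whether quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def triage(text):
    """Return the indicators found in a DDS log, grouped by class."""
    found = {'run': [], 'hosts': [], 'user_js': {}, 'orphaned': []}
    for line in text.splitlines():
        if m := RUN_RE.match(line):
            path = image_path(m.group('cmd')).lower()
            if any(d in path for d in USER_WRITABLE):
                found['run'].append((m.group('name'), path))
        elif m := HOSTS_RE.match(line):
            kind = 'block' if m.group('ip') in LOOPBACK else 'redirect'
            found['hosts'].append((m.group('ip'), m.group('host'), kind))
        elif m := USERJS_RE.match(line):
            # user.js is re-applied over prefs.js at every Firefox start, so any
            # homepage or security pref set here survives changes made in the UI.
            if m.group('pref').startswith(WATCHED_PREFS):
                found['user_js'][m.group('pref')] = m.group('value').strip()
        elif m := ORPHAN_RE.match(line):
            found['orphaned'].append(m.group('svc'))
    return found


if __name__ == '__main__':
    for cls, items in triage(SAMPLE_LOG).items():
        print(f'{cls}: {items}')
```

Run it over the attached dds.txt instead of SAMPLE_LOG to get the full list. Two caveats follow from how these mechanisms work: resetting the homepage in the browser does nothing while user.js still exists in the profile, and deleting the uRun value alone leaves arusv.exe and the companion folders on disk, so both the registry value and the files need to go, and the orphaned driver entries should be checked for an image that DDS simply could not read rather than one that is gone.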
