Hello
I seem to have some sort of spyware/malware on my computer. My internet connection has been incredibly slow and when I click on a link from a search engine a different web page opens.
I'm not very computer savvy so I apologise for the lack of detail given.
Thanks in advance
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.4.1
Run by wt00001 at 12:21:33 on 2012-10-11
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1866 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\NetSupport\NetSupport DNA\Client\DNAClient.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\wt00001\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\wt00001\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\wt00001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wt00001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wt00001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wt00001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wt00001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wt00001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wt00001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\wt00001\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8E365EE1760CE9CF7A297B50743AFDA7
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [Google Update] "c:\documents and settings\wt00001\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Spotify Web Helper] "c:\documents and settings\wt00001\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 131.227.100.5 131.227.130.5 131.227.131.5
TCP: Interfaces\{4D032025-783E-4BE8-A2DD-E17E5CBE5E53} : DhcpNameServer = 131.227.100.5 131.227.130.5 131.227.131.5
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-17 51936]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 35168]
R0 iastor4;iastor4;c:\windows\system32\drivers\iastor4.sys [2010-6-24 330264]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-9-21 343920]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2011-9-21 24064]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-9-12 151648]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-9-14 89440]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-12 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-9 27496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-8-20 5751928]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-8-20 184304]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-3-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-3-25 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-3-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-9-21 70728]
R2 NetSupport DNA Client;NetSupport DNA Client;c:\program files\netsupport\netsupport dna\client\DNAClient.exe [2011-1-26 267784]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-10-9 722528]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2011-9-21 173736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-21 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-9-21 43288]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 Bruker FLEXlm License Server;Bruker FLEXlm License Server;c:\flexlm\bruker\lmgrd.exe [2012-3-26 815104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MaterialsStudioGateway;Materials Studio Gateway;c:\program files\accelrys\materials studio 6.0\bin\httpd.exe [2011-12-7 18432]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-9 250808]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-9-21 66600]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-11 09:27:06 6980552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e6424e54-272f-41b8-8dca-b1425effb72e}\mpengine.dll
2012-10-11 09:27:04 237072 ------w- c:\windows\system32\MPSIGSTUB.EXE
2012-10-11 09:23:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-11 08:49:53 -------- d-----w- c:\documents and settings\wt00001\application data\blekko
2012-10-11 08:49:43 -------- d-----w- c:\documents and settings\wt00001\application data\TuneUp Software
2012-10-11 08:49:43 -------- d-----w- c:\documents and settings\wt00001\application data\AVG2013
2012-10-11 08:49:07 -------- d--h--w- C:\$AVG
2012-10-09 14:59:47 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-10-09 14:57:39 -------- d-----w- c:\documents and settings\wt00001\local settings\application data\adawarebp
2012-10-09 14:57:35 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-10-09 13:32:30 -------- d-----w- c:\documents and settings\wt00001\local settings\application data\PCHealth
2012-10-09 13:10:58 -------- d-----w- c:\documents and settings\wt00001\application data\LavasoftStatistics
2012-10-09 12:59:55 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-10-09 12:37:08 -------- d-----w- c:\documents and settings\wt00001\local settings\application data\AVG Secure Search
2012-10-09 12:37:05 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-10-09 12:37:02 -------- d-----w- c:\documents and settings\wt00001\application data\AVG Secure Search
2012-10-09 12:37:01 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-09 12:37:00 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-10-09 12:36:59 -------- d-----w- c:\program files\AVG Secure Search
2012-10-09 12:36:27 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-10-09 12:35:11 -------- d-----w- c:\program files\AVG
2012-10-09 12:25:29 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-10-09 12:25:29 -------- d-----w- c:\documents and settings\wt00001\local settings\application data\MFAData
2012-10-09 12:25:29 -------- d-----w- c:\documents and settings\wt00001\local settings\application data\Avg2013
2012-10-09 12:25:29 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-10-09 11:23:56 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:23:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 11:20:13 -------- d-----w- c:\documents and settings\wt00001\application data\YourFileDownloader
2012-09-17 17:58:56 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-12 10:47:22 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 10:47:04 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
==================== Find3M ====================
.
2012-08-30 21:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:29:36 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29:36 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-28 13:00:25 369664 ----a-w- c:\windows\system32\html.iec
2012-08-22 09:27:13 1073152 ----a-w- c:\program files\PrinterWidget.exe
2012-08-13 15:40:54 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 03:52:28 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 03:52:18 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 12:56:44 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2011-11-28 11:11:36 606208 ----a-w- c:\program files\IT_Support.exe
2011-11-14 11:13:11 143360 ----a-w- c:\program files\UOS_SECURE.exe
2010-07-12 12:55:04 218112 ----a-w- c:\program files\wordpad.exe
2008-11-07 11:46:57 1894 ----a-w- c:\program files\IT_SUPPORT.bat
.
============= FINISH: 12:22:12.81 ===============