DDS (Ver_09-07-30.01) - NTFSx86
Run by karen at 22:36:46.37 on Sun 08/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.483 [GMT -4:00]
AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {6200F066-CD6A-4830-8A81-0A7D31982943}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
c:\docume~1\clara\locals~1\temp\cdm\{bdc8bfdd-5409-445e-aa8f-edee01fb90c1}\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PersonalAV\pav.exe
C:\WINDOWS\system32\NetFilter.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\karen\LOCALS~1\Temp\jwrbf.exe
C:\DOCUME~1\karen\LOCALS~1\Temp\ooxf.exe
C:\DOCUME~1\karen\LOCALS~1\Temp\wingwchdw.exe
C:\DOCUME~1\karen\LOCALS~1\Temp\w65db3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\karen\Local Settings\Temporary Internet Files\Content.IE5\C0MHZZJI\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://safesearch.cyberdefender.com/smallsearch.html
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: : {a77d3539-581d-450c-9e44-a84c415a6172} - c:\windows\system32\msxmlm.dll
BHO: &Research: {d263fa6d-84cc-48a8-9af6-c664362b7a5b} - c:\windows\system32\windriver.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\2.bin\M3PLUGIN.DLL,UPF
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [PersonalAV] c:\program files\personalav\pav.exe
mRun: [MSDRV] NetFilter.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm176RFUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Emerald%20City%20Confidential/Images/stg_drm.ocx
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://www.shockwave.com/content/cookingdash/sis/CookingDashWeb.1.0.0.9.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233617249390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-20 24652]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\nrnljk.sys --> c:\windows\system32\drivers\nrnljk.sys [?]
S2 gupdate1c99dffe9cb4e2a;Google Update Service (gupdate1c99dffe9cb4e2a);c:\program files\google\update\GoogleUpdate.exe [2009-3-5 210928]
=============== Created Last 30 ================
2009-08-08 11:11 106,496 a------- c:\windows\system32\NetFilter.exe
2009-08-08 11:11 61,440 a------- c:\windows\system32\ndisapi.dll
2009-08-08 11:11 24,576 a------- c:\windows\system32\drivers\ndisrd.sys
2009-08-08 11:11 377,856 a------- c:\windows\system32\msxmlm.dll
2009-08-08 11:11 --d----- c:\program files\common files\Uninstall
2009-08-08 11:10 --d----- c:\program files\PersonalAV
2009-08-07 13:09 --dsh--- c:\documents and settings\karen\PrivacIE
2009-08-07 12:41 --d----- c:\docume~1\karen\applic~1\AVG8
2009-08-07 12:36 --dsh--- c:\documents and settings\karen\IETldCache
2009-08-07 12:32 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-08-07 12:32 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-08-07 12:32 --d----- c:\windows\ie8updates
2009-08-07 12:31 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-08-07 12:29 -cd-h--- c:\windows\ie8
2009-08-03 14:37 --d----- c:\program files\common files\Windows Live
2009-07-19 15:08 --d-h--- c:\windows\system32\GroupPolicy
2009-07-12 17:55 --d----- c:\docume~1\alluse~1\applic~1\WildTangent
2009-07-12 00:10 --d----- c:\docume~1\karen\applic~1\Playrix Entertainment
==================== Find3M ====================
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-31 16:12 68,296 a------- c:\windows\hpoins05.dat
2009-03-05 12:36 7,125,024 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-05 12:36 125,984 a--sh--- c:\windows\system32\drivers\fidbox2.dat
============= FINISH: 22:37:13.99 ===============