Thanks.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Ammy at 10:44:33.13 on Sun 06/09/2009
Internet Explorer: 7.0.6000.16609 BrowserJavaVersion: 1.6.0_03
Microsoft Windows Vista Home Basic 6.0.6000.0.1252.65.1033.18.2037.906 [GMT 10:00]
AV: Kaspersky Internet Security *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *enabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ammy\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Ammy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = local;192.168.1.1
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\$recycle.bin\s-bdc6~1\$r2tkwpk.sh! c:\$recycle.bin\s-bdc6~1\$r2tkwpk\mymusi~1.sh! c:\$recycle.bin\s-bdc6~1\$r2tkwpk\mypict~1.sh! c:\$recycle.bin\s-bdc6~1\$r2tkwpk\MYVIDE~1.SH!
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager
IE: Download video with Free Download Manager
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office11\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office11\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kaspersky lab\kaspersky internet security 2010\kloehk.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\ammy\appdata\roaming\mozilla\firefox\profiles\5piqf0py.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\ammy\appdata\roaming\mozilla\firefox\profiles\5piqf0py.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\users\ammy\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
---- FIREFOX POLICIES ----
c:\users\ammy\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\users\ammy\greprefs\all.js - pref("media.cache_size", 51200);
c:\users\ammy\greprefs\all.js - pref("media.ogg.enabled", true);
c:\users\ammy\greprefs\all.js - pref("media.wave.enabled", true);
c:\users\ammy\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\users\ammy\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\users\ammy\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\users\ammy\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\users\ammy\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\users\ammy\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\users\ammy\greprefs\all.js - pref("layout.css.dpi", -1);
c:\users\ammy\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\users\ammy\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\users\ammy\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\users\ammy\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\users\ammy\greprefs\all.js - pref("geo.enabled", true);
c:\users\ammy\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\users\ammy\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\users\ammy\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\users\ammy\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\users\ammy\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\users\ammy\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\users\ammy\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\users\ammy\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\users\ammy\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\users\ammy\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\users\ammy\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\users\ammy\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 pfmfs_27B;pfmfs_27B;c:\windows\system32\drivers\pfmfs_27B.sys [2009-4-26 179896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-3 210216]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-2-1 31704]
S2 0003991252157886mcinstcleanup;McAfee Application Installer Cleanup (0003991252157886);c:\windows\temp\0003991252157886mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\0003991252157886mcinst.exe c:\progra~1\common~1\mcafee\installer\cleanup.ini -cleanup -nolog -service [?]
S4 HssSrv;Hotspot Shield Helper Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-2-6 117208]