Jump to content


Photo
- - - - -

Pls Help - Trojan BHO.O - Logs attached


  • This topic is locked This topic is locked
14 replies to this topic

#1 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 31 August 2010 - 10:32 PM

i ran malwarebytes to remove the trojan but it keeps showing up after the reboot. i have updated the malwarebytes.

attached are the requested logs.

thank you for your help.
janell

DDS (Ver_10-03-17.01) - NTFSX64
Run by dooley at 23:02:33.96 on Tue 08/31/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6050 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\dooley\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\splwow64.exe
C:\Program Files (x86)\SAMSUNG\Samsung CLP-510 Series\SPanel\Spanel.exe
C:\Program Files (x86)\SAMSUNG\Samsung CLP-510 Series\SPanel\caller64.exe
C:\Users\dooley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FF8EO3GN\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\dooley\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\users\dooley\appdata\local\temp\low\COUPON~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Updater For My.Freeze.com Toolbar: {c26cd490-5f01-41e3-b150-eb29f19da056} - c:\program files (x86)\myfreezetoolbar\auxi\myfreezetoolbAu.dll
BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\users\dooley\appdata\local\temp\low\CouponBarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Octoshape Streaming Services] "c:\users\dooley\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [Shockwave Updater] c:\windows\syswow64\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.3; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; ety8v64_cfg)" -"http://www8.agame.co...ogames_com.htm"
mRun: [NWEReboot]
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\syswow64\NeroCheck.exe
mRun: [KBD] c:\program files (x86)\hewlett-packard\kbd\KbdStub.EXE
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: jacobs.com\prolog
Trusted Zone: jacobs.com\prologtn
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\google\google~4\GO36F4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun-x64: [HP Remote Software] c:\program files\hewlett-packard\hp remote\HP REMOTE V1.0.5.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dooley\appdata\roaming\mozilla\firefox\profiles\xobiklfd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files (x86)\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files (x86)\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\dooley\appdata\roaming\mozilla\plugins\npicaN.dll
FF - plugin: c:\users\dooley\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-8-7 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-8-7 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-8-7 317520]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-7 308136]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-1-4 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-11-9 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-7 431432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2010-1-17 30192]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\drivers\pcouffin64a.sys [2009-12-15 55136]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-2-7 161448]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-1 1255736]

=============== Created Last 30 ================

2010-09-01 02:59:21 20 ----a-w- c:\users\dooley\defogger_reenable
2010-08-31 05:32:22 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-27 14:15:40 0 d-----w- c:\users\dooley\appdata\roaming\Catalina Marketing Corp
2010-08-25 03:32:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 03:32:13 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-12 21:23:32 0 d-----w- c:\program files (x86)\Cisco Systems
2010-08-12 21:20:24 0 d-----w- c:\programdata\Cisco Systems
2010-08-12 14:03:15 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-08-12 14:03:12 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-11 18:55:37 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 18:55:37 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 18:55:36 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-11 18:55:16 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 18:55:16 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-11 18:51:08 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 18:49:50 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 18:49:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-11 18:49:27 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-11 18:48:45 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 18:48:18 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 18:48:18 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-07 16:40:51 0 d-----w- c:\program files (x86)\McAfee
2010-08-07 16:39:00 0 d-----w- C:\Virus_Scan_8.7_with_Patch_2
2010-08-07 16:38:16 0 d--h--w- C:\$AVG
2010-08-07 16:15:58 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-08-07 16:15:57 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-08-07 16:15:52 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-08-07 16:15:50 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-08-07 16:15:50 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-07 16:15:48 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-07 16:13:07 0 d-----w- c:\program files (x86)\AVG
2010-08-07 16:12:52 0 d-----w- c:\programdata\avg9
2010-08-07 15:42:11 0 d-----w- c:\users\dooley\appdata\roaming\AVP 2009
2010-08-07 14:54:43 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-03 19:00:48 0 d-----w- c:\windows\pss
2010-08-03 15:18:25 0 d-----w- c:\users\dooley\appdata\roaming\Malwarebytes
2010-08-03 15:17:51 0 d-----w- c:\programdata\Malwarebytes
2010-08-03 15:17:50 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-02 19:18:29 12867584 ----a-w- c:\windows\syswow64\shell32.dll

==================== Find3M ====================

2010-07-29 04:38:41 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-09 22:38:00 930272 ----a-w- c:\windows\system32\dpinst.exe
2010-07-09 22:38:00 660072 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38:00 65128 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38:00 56936 ----a-w- c:\windows\syswow64\OpenCL.dll
2010-07-09 22:38:00 2761832 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38:00 260712 ----a-w- c:\windows\system32\nvcod1922.dll
2010-07-09 22:38:00 14513768 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-09 22:38:00 10267240 ----a-w- c:\windows\syswow64\nvcompiler.dll
2010-07-07 17:46:54 660072 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-30 04:12:16 13312 ----a-w- c:\windows\LPRES.DLL
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-13 22:31:10 42 ----a-w- c:\users\dooley\jagex_runescape_preferences.dat
2010-06-07 17:31:01 99384 ----a-w- c:\users\dooley\appdata\roaming\inst.exe
2010-06-07 17:31:01 82816 ----a-w- c:\users\dooley\appdata\roaming\pcouffin.sys
2010-06-06 15:52:21 23143 ----a-w- c:\windows\hpqins15.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:03:29.17 ===============

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4385

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/7/2010 11:21:52 AM
mbam-log-2010-08-07 (11-21-52).txt

Scan type: Quick scan
Objects scanned: 140386
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\dooley\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

Attached Files



#2 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 31 August 2010 - 11:53 PM

Hi and welcome to Malwarebytes.


Please download CCleaner and save it to your desktop.
  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!
Now, open CCleaner:
  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


Restart your computer.



Update MBAM (your database is 200 versions behind), run a Quick Scan, and post its log.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 01 September 2010 - 07:53 AM

here is the log after i ran the ccleaner and mbam.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4521

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/1/2010 8:50:19 AM
mbam-log-2010-09-01 (08-50-19).txt

Scan type: Quick scan
Objects scanned: 137429
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\dooley\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

#4 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 02 September 2010 - 07:21 AM

the trojan still shows up after the reboot.

i would appreciate any help you can provide.

thanks,
janell

#5 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 03 September 2010 - 04:36 AM

Hi Janell,


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


-screen317
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 03 September 2010 - 07:24 AM

i have windows 7 and 64 bit.

combofix does not work with 64 bit.

pls help.

thanks,
janell ;)

#7 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 03 September 2010 - 03:01 PM

My mistake.


Navigate to this folder:

C:\Users\dooley\AppData\Local\Temp\low


Can you delete it manually? Does it even exist?
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#8 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 03 September 2010 - 04:48 PM

it doesn't exsist.

what program should i use instead?

#9 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 03 September 2010 - 04:51 PM

actually that folder does exsist. should i do something with it.

#10 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 03 September 2010 - 07:33 PM

i ran malwarebytes to remove the trojan but it keeps showing up after the reboot. i have updated the malwarebytes.

attached are the requested logs.

thank you for your help.
janell

DDS (Ver_10-03-17.01) - NTFSX64
Run by dooley at 23:02:33.96 on Tue 08/31/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6050 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\dooley\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\splwow64.exe
C:\Program Files (x86)\SAMSUNG\Samsung CLP-510 Series\SPanel\Spanel.exe
C:\Program Files (x86)\SAMSUNG\Samsung CLP-510 Series\SPanel\caller64.exe
C:\Users\dooley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FF8EO3GN\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\dooley\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\users\dooley\appdata\local\temp\low\COUPON~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Updater For My.Freeze.com Toolbar: {c26cd490-5f01-41e3-b150-eb29f19da056} - c:\program files (x86)\myfreezetoolbar\auxi\myfreezetoolbAu.dll
BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\users\dooley\appdata\local\temp\low\CouponBarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Octoshape Streaming Services] "c:\users\dooley\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [Shockwave Updater] c:\windows\syswow64\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.3; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; ety8v64_cfg)" -"http://www8.agame.co...ogames_com.htm"
mRun: [NWEReboot]
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\syswow64\NeroCheck.exe
mRun: [KBD] c:\program files (x86)\hewlett-packard\kbd\KbdStub.EXE
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: jacobs.com\prolog
Trusted Zone: jacobs.com\prologtn
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\google\google~4\GO36F4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun-x64: [HP Remote Software] c:\program files\hewlett-packard\hp remote\HP REMOTE V1.0.5.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dooley\appdata\roaming\mozilla\firefox\profiles\xobiklfd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files (x86)\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files (x86)\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\dooley\appdata\roaming\mozilla\plugins\npicaN.dll
FF - plugin: c:\users\dooley\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-8-7 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-8-7 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-8-7 317520]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-7 308136]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-1-4 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-11-9 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-7 431432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2010-1-17 30192]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\drivers\pcouffin64a.sys [2009-12-15 55136]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-2-7 161448]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-1 1255736]

=============== Created Last 30 ================

2010-09-01 02:59:21 20 ----a-w- c:\users\dooley\defogger_reenable
2010-08-31 05:32:22 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-27 14:15:40 0 d-----w- c:\users\dooley\appdata\roaming\Catalina Marketing Corp
2010-08-25 03:32:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 03:32:13 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-12 21:23:32 0 d-----w- c:\program files (x86)\Cisco Systems
2010-08-12 21:20:24 0 d-----w- c:\programdata\Cisco Systems
2010-08-12 14:03:15 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-08-12 14:03:12 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-11 18:55:37 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 18:55:37 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 18:55:36 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-11 18:55:16 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 18:55:16 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-11 18:51:08 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 18:49:50 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 18:49:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-11 18:49:27 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-11 18:48:45 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 18:48:18 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 18:48:18 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-07 16:40:51 0 d-----w- c:\program files (x86)\McAfee
2010-08-07 16:39:00 0 d-----w- C:\Virus_Scan_8.7_with_Patch_2
2010-08-07 16:38:16 0 d--h--w- C:\$AVG
2010-08-07 16:15:58 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-08-07 16:15:57 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-08-07 16:15:52 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-08-07 16:15:50 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-08-07 16:15:50 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-07 16:15:48 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-07 16:13:07 0 d-----w- c:\program files (x86)\AVG
2010-08-07 16:12:52 0 d-----w- c:\programdata\avg9
2010-08-07 15:42:11 0 d-----w- c:\users\dooley\appdata\roaming\AVP 2009
2010-08-07 14:54:43 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-03 19:00:48 0 d-----w- c:\windows\pss
2010-08-03 15:18:25 0 d-----w- c:\users\dooley\appdata\roaming\Malwarebytes
2010-08-03 15:17:51 0 d-----w- c:\programdata\Malwarebytes
2010-08-03 15:17:50 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-02 19:18:29 12867584 ----a-w- c:\windows\syswow64\shell32.dll

==================== Find3M ====================

2010-07-29 04:38:41 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-09 22:38:00 930272 ----a-w- c:\windows\system32\dpinst.exe
2010-07-09 22:38:00 660072 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38:00 65128 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38:00 56936 ----a-w- c:\windows\syswow64\OpenCL.dll
2010-07-09 22:38:00 2761832 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38:00 260712 ----a-w- c:\windows\system32\nvcod1922.dll
2010-07-09 22:38:00 14513768 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-09 22:38:00 10267240 ----a-w- c:\windows\syswow64\nvcompiler.dll
2010-07-07 17:46:54 660072 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-30 04:12:16 13312 ----a-w- c:\windows\LPRES.DLL
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-13 22:31:10 42 ----a-w- c:\users\dooley\jagex_runescape_preferences.dat
2010-06-07 17:31:01 99384 ----a-w- c:\users\dooley\appdata\roaming\inst.exe
2010-06-07 17:31:01 82816 ----a-w- c:\users\dooley\appdata\roaming\pcouffin.sys
2010-06-06 15:52:21 23143 ----a-w- c:\windows\hpqins15.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:03:29.17 ===============

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4385

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/7/2010 11:21:52 AM
mbam-log-2010-08-07 (11-21-52).txt

Scan type: Quick scan
Objects scanned: 140386
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\dooley\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.


Attached File(s)
Attach.zip ( 3.49K ) Number of downloads: 1
ark.zip ( 112bytes ) Number of downloads: 1

#11 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 04 September 2010 - 04:46 PM

pls help!!!!

#12 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 06 September 2010 - 06:53 PM

Pls help. I tried to get help last week but the person dropped me. the last step he wanted me to do was run combofix. Problem is that i'm operating with windows 7 and 64 bit. combofix can't be used for my system. the person never got back to me. I would love to get this trojan removed ASAP.

thank you for your help.
j

Attached Files



#13 janell

janell

    New Member

  • Members
  • Pip
  • 10 posts

Posted 06 September 2010 - 07:03 PM

sorry i forgot the malwarebyte log.

i ran malwarebytes to remove the trojan but it keeps showing up after the reboot. i have updated the malwarebytes.

attached are the requested logs.

thank you for your help.
janell

DDS (Ver_10-03-17.01) - NTFSX64
Run by dooley at 23:02:33.96 on Tue 08/31/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6050 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\dooley\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\splwow64.exe
C:\Program Files (x86)\SAMSUNG\Samsung CLP-510 Series\SPanel\Spanel.exe
C:\Program Files (x86)\SAMSUNG\Samsung CLP-510 Series\SPanel\caller64.exe
C:\Users\dooley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FF8EO3GN\Defogger[1].exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\dooley\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\users\dooley\appdata\local\temp\low\COUPON~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Updater For My.Freeze.com Toolbar: {c26cd490-5f01-41e3-b150-eb29f19da056} - c:\program files (x86)\myfreezetoolbar\auxi\myfreezetoolbAu.dll
BHO: {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\users\dooley\appdata\local\temp\low\CouponBarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Octoshape Streaming Services] "c:\users\dooley\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [Shockwave Updater] c:\windows\syswow64\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.3; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; ety8v64_cfg)" -"http://www8.agame.co...ogames_com.htm"
mRun: [NWEReboot]
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [NeroFilterCheck] c:\windows\syswow64\NeroCheck.exe
mRun: [KBD] c:\program files (x86)\hewlett-packard\kbd\KbdStub.EXE
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files (x86)\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: jacobs.com\prolog
Trusted Zone: jacobs.com\prologtn
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\google\google~4\GO36F4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun-x64: [HP Remote Software] c:\program files\hewlett-packard\hp remote\HP REMOTE V1.0.5.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\dooley\appdata\roaming\mozilla\firefox\profiles\xobiklfd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files (x86)\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files (x86)\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files (x86)\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\users\dooley\appdata\roaming\mozilla\plugins\npicaN.dll
FF - plugin: c:\users\dooley\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-8-7 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-8-7 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-8-7 317520]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-8-7 308136]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2010-1-4 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-11-9 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-7 431432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\google\google desktop search\GoogleDesktop.exe [2010-1-17 30192]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\drivers\pcouffin64a.sys [2009-12-15 55136]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-2-7 161448]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-1 1255736]

=============== Created Last 30 ================

2010-09-01 02:59:21 20 ----a-w- c:\users\dooley\defogger_reenable
2010-08-31 05:32:22 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-08-27 14:15:40 0 d-----w- c:\users\dooley\appdata\roaming\Catalina Marketing Corp
2010-08-25 03:32:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 03:32:13 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-12 21:23:32 0 d-----w- c:\program files (x86)\Cisco Systems
2010-08-12 21:20:24 0 d-----w- c:\programdata\Cisco Systems
2010-08-12 14:03:15 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-08-12 14:03:12 0 d-----w- c:\program files\Microsoft Security Essentials
2010-08-11 18:55:37 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 18:55:37 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 18:55:36 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-11 18:55:16 340992 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 18:55:16 224256 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-11 18:51:08 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 18:49:50 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 18:49:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-11 18:49:27 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-11 18:48:45 3122688 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 18:48:18 1877504 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 18:48:18 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-07 16:40:51 0 d-----w- c:\program files (x86)\McAfee
2010-08-07 16:39:00 0 d-----w- C:\Virus_Scan_8.7_with_Patch_2
2010-08-07 16:38:16 0 d--h--w- C:\$AVG
2010-08-07 16:15:58 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-08-07 16:15:57 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-08-07 16:15:52 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-08-07 16:15:50 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-08-07 16:15:50 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-07 16:15:48 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-07 16:13:07 0 d-----w- c:\program files (x86)\AVG
2010-08-07 16:12:52 0 d-----w- c:\programdata\avg9
2010-08-07 15:42:11 0 d-----w- c:\users\dooley\appdata\roaming\AVP 2009
2010-08-07 14:54:43 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-03 19:00:48 0 d-----w- c:\windows\pss
2010-08-03 15:18:25 0 d-----w- c:\users\dooley\appdata\roaming\Malwarebytes
2010-08-03 15:17:51 0 d-----w- c:\programdata\Malwarebytes
2010-08-03 15:17:50 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-02 19:18:29 12867584 ----a-w- c:\windows\syswow64\shell32.dll

==================== Find3M ====================

2010-07-29 04:38:41 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-09 22:38:00 930272 ----a-w- c:\windows\system32\dpinst.exe
2010-07-09 22:38:00 660072 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38:00 65128 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38:00 56936 ----a-w- c:\windows\syswow64\OpenCL.dll
2010-07-09 22:38:00 2761832 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38:00 260712 ----a-w- c:\windows\system32\nvcod1922.dll
2010-07-09 22:38:00 14513768 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-09 22:38:00 10267240 ----a-w- c:\windows\syswow64\nvcompiler.dll
2010-07-07 17:46:54 660072 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-30 04:12:16 13312 ----a-w- c:\windows\LPRES.DLL
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-13 22:31:10 42 ----a-w- c:\users\dooley\jagex_runescape_preferences.dat
2010-06-07 17:31:01 99384 ----a-w- c:\users\dooley\appdata\roaming\inst.exe
2010-06-07 17:31:01 82816 ----a-w- c:\users\dooley\appdata\roaming\pcouffin.sys
2010-06-06 15:52:21 23143 ----a-w- c:\windows\hpqins15.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:03:29.17 ===============

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4385

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/7/2010 11:21:52 AM
mbam-log-2010-08-07 (11-21-52).txt

Scan type: Quick scan
Objects scanned: 140386
Time elapsed: 8 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\dooley\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.


Attached File(s)
Attach.zip ( 3.49K ) Number of downloads: 1
ark.zip ( 112bytes ) Number of downloads: 1

#14 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 27 September 2010 - 09:29 PM

janell,


I have no idea why I didn't receive notifications of any of your replies; please accept my sincerest apologies.


Please navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Coupon Printer for Windows
CouponBar
Java™ 6 Update 20


Restart your computer.

Get the latest version of Java.


Update MBAM, run a Quick Scan, and post its log.
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook

#15 screen317

screen317

    MBAM Sentinel

  • Moderators
  • PipPipPipPipPipPip
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 12 October 2010 - 04:40 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users