.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 12:45:24 on 2011-08-31
Microsoft Windows XP Professional 5.1.2600.3.1250.387.1033.18.1022.610 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\windows\PixArt\PAC7302\Monitor.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\MCShield\MCShieldRTM.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\wuauclt.exe
C:\Program Files\MCShield\MCShieldUPD.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: H - No File
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291402398843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0B0CC23F-CCFC-490E-9557-72A110998AB0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9BCA674C-E8F0-4D24-9923-47735B1C9938} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ECAEB98B-2E04-4C80-83E3-9C87925AB99C} : NameServer = 156.154.70.22,156.154.71.22
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\yifklo5v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-25 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-17 309848]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-11 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-11 29400]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-3 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-3 42184]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-11 1793712]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-3-31 100712]
RUnknown 2001978drv;2001978drv; [x]
RUnknown 35687495;35687495; [x]
S2 gupdate;Usluga Google ažuriranje (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-3 136176]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-12-6 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-12-6 11104]
.
=============== Created Last 30 ================
.
2011-08-31 17:03:18 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-31 17:02:19 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-08-31 16:22:38 -------- d-----w- c:\program files\Xenocode
2011-08-29 19:42:11 139656 ------w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-29 19:37:28 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2011-08-15 19:35:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-21 19:53:51 285256 ----a-w- c:\windows\system32\guard32.dll
2011-07-21 19:53:48 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-07-21 19:53:48 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-07-21 19:53:48 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-07-15 13:29:35 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-24 14:09:15 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:43:21 293376 ----a-w- c:\windows\system32\winsrv.dll
.
============= FINISH: 12:46:34,67 ===============