DDS.txt file
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Administrator at 6:02:59 on 2011-11-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.989 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=APN10023&gct=hp
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {09e49ab4-9487-4828-b892-1bec9ed1dde6} - No File
BHO: {0ABC4A49-8AFB-41A9-B85A-477F525B4977} - No File
BHO: {0b876028-b388-4f6d-922f-f52faec8535f} - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {29828AD7-9913-4025-94D2-FE9F883AAE47} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {32b29df0-2237-4370-9a29-37cebb730e9b} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {4A71593D-D384-4B9C-A141-2F52C12861D7} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {6a5cbe2b-23fd-4650-ad47-708c8d1eda4f} - No File
BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: {767CE9B1-669B-426A-9A1C-FE828C34C761} - No File
BHO: {8439ECA6-690E-45B2-B631-D4B24508619A} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {989B7EE8-FA34-4C38-A008-838330F58AC3} - No File
BHO: {9B1D52F0-7CC4-4E08-97F4-CC03751A4ED6} - No File
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - No File
BHO: {A3E9D252-31FF-4600-AA7F-444897C0C576} - No File
BHO: {a4cdae5a-190a-4f2d-9e9b-bf97da5624a5} - No File
BHO: {bf657654-67f9-4679-86d4-a97016e7cfe5} - No File
BHO: {c15e0d32-7cc8-4f7a-8718-0478add571ec} - No File
BHO: {C3F0CFD6-550C-471A-A41D-5FFDC11A05A9} - No File
BHO: {C7DBC153-9C02-435D-A8A8-E5E33C6D5BA0} - No File
BHO: {d2abbf68-bc72-47f0-a814-7ad168636a6d} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {D8BABF28-8B02-4D21-B61B-3174AE4B582C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DE329032-20CB-4523-A1CB-884BCD8C4D86} - No File
BHO: {E2A079A6-04CB-4A1C-BFEB-BB2172FC9639} - No File
BHO: {e7017c0f-b48c-42a0-8c5a-cf7fc4de5fe1} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {eaa5d703-c901-4896-8b19-0f30779526e6} - No File
BHO: {ef3b9c0c-cd48-4cc0-aa60-ba8b2681c260} - No File
BHO: {efc75fe9-e202-4f2d-922e-1c65f3ddd4b5} - No File
BHO: {FAC9B062-4ED7-4D96-BDE9-39949204EB20} - No File
BHO: {FBEA68B9-E472-4F00-AF53-A21F29129893} - No File
BHO: {FCE3AF62-FDAA-4270-8D03-D8924DF20F18} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - No File
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
EB: {727b755f-9a4c-287b-0dd0-78b52d2b6829} - Search panel
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"
mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s
mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209161615513
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209161740763
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{465A2A28-8155-40F8-B13E-4D532274EFC7} : DhcpNameServer = 208.59.247.45 208.59.247.46
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnnmNEX
LSA: Notification Packages = scecli c:\windows\system32\kozewepu.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\o4qapmf6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(yahoo.homepage.dontask, true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-22 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-22 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-22 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-11-22 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-22 74640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-16 22216]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-16 366152]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-11-23 00:13:38 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2011-11-23 00:01:07 -------- d-----w- c:\documents and settings\administrator\application data\Avira
2011-11-22 23:59:30 -------- d-----w- c:\documents and settings\administrator\application data\AskToolbar
2011-11-22 23:52:20 -------- d-----w- c:\program files\Ask.com
2011-11-22 23:52:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AskToolbar
2011-11-22 23:50:37 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-11-22 23:50:37 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-11-22 23:50:35 -------- d-----w- c:\program files\Avira
2011-11-22 23:50:35 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-11-21 22:26:52 4752 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-21 22:20:45 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-21 22:20:45 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-20 19:11:23 -------- d-----w- c:\documents and settings\administrator\application data\yamH6W7fE9TqYIr
2011-11-20 19:11:22 -------- d-----w- c:\documents and settings\administrator\application data\XZ9hTXwUlBz0c
2011-11-20 15:33:38 -------- d-----w- c:\program files\581AA
2011-11-20 15:32:45 -------- d-----w- c:\documents and settings\administrator\application data\18F58
2011-11-20 15:32:44 -------- d-----w- c:\program files\LP
2011-11-20 15:32:39 -------- d-----w- c:\documents and settings\administrator\application data\ptzP0ycS1v3n4m6
2011-11-20 15:32:39 -------- d-----w- c:\documents and settings\administrator\application data\DJ6dEK8fR9YwUeO
2011-11-20 15:32:18 -------- d-----w- c:\documents and settings\administrator\application data\sqhYCwkIVlNx0c2
2011-11-20 15:32:17 -------- d-----w- c:\documents and settings\administrator\application data\EK8gRZqhYw
2011-11-17 03:24:30 -------- d-----w- c:\program files\iPod
2011-11-17 03:24:25 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-11-17 03:24:24 -------- d-----w- c:\program files\iTunes
2011-11-17 03:16:22 -------- d-----w- c:\program files\Bonjour
2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpE0F9A.FOT
2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpD2F9A.FOT
2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpC5F9A.FOT
2011-11-13 21:26:29 1409 ----a-w- c:\windows\system32\tmpB7F9A.FOT
.
==================== Find3M ====================
.
2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpC47A7.FOT
2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpB77A7.FOT
2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpAA7A7.FOT
2011-10-16 14:12:03 1409 ----a-w- c:\windows\system32\tmpA87A7.FOT
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpD9E08.FOT
2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpBEE08.FOT
2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpB0F08.FOT
2011-09-10 04:13:01 1409 ----a-w- c:\windows\system32\tmpA2F08.FOT
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 04:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 04:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 6:12:32.20 ===============