DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by frank at 0:47:47 on 2013-01-11
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.1014.88 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\frank\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wermgr.exe
C:\Windows\notepad.exe
C:\Users\frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\frank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112060&tt=4812_3&babsrc=HP_ss&mntrId=5a003357000000000000001fe2a7249a
mStart Page = hxxp://en.ie.acer.yahoo.com
mDefault_Page_URL = hxxp://en.ie.acer.yahoo.com
uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - <orphaned>
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {a060276a-53be-45ec-8ebe-b94b1e803179} - <orphaned>
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: MyEmoticons Class: {DCC39ACE-709B-44EA-B062-5F6BE2774644} - c:\users\frank\appdata\roaming\myemoticons\myemoticons-1.3.dll
BHO: {f592709f-ff4a-4862-b659-4afabda56312} - <orphaned>
EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office12\REFIEBAR.DLL
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\frank\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8A3EA5C0-84E0-4888-AEC8-935B5BA88E02} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 MpKsl03ed8a5f;MpKsl03ed8a5f;c:\programdata\microsoft\microsoft antimalware\definition updates\{e81b4a53-4456-465f-a647-823416c65a77}\MpKsl03ed8a5f.sys [2013-1-11 29904]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2010-8-23 1517056]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2009-3-31 16896]
.
=============== Created Last 30 ================
.
2013-01-11 00:17:42 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e81b4a53-4456-465f-a647-823416c65a77}\MpKsl03ed8a5f.sys
2013-01-10 14:20:22 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e81b4a53-4456-465f-a647-823416c65a77}\mpengine.dll
2013-01-10 13:16:43 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-04 18:26:39 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-02 00:40:37 21840 ----atw- c:\windows\system32\SIntfNT.dll
2013-01-02 00:40:35 17212 ----atw- c:\windows\system32\SIntf32.dll
2013-01-02 00:40:34 12067 ----atw- c:\windows\system32\SIntf16.dll
2013-01-01 05:19:49 1409 ----a-w- c:\windows\QTFont.for
.
==================== Find3M ====================
.
2013-01-10 08:35:21 132511717 ----a-w- c:\windows\DUMP74e0.tmp
2013-01-04 18:26:01 473072 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-01 23:05:29 171008 ----a-w- c:\windows\system32\apphelp.dll
2013-01-01 11:07:07 11973 ----a-w- c:\windows\system32\drivers\secdrv.sys
2012-11-14 04:16:02 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2006-05-03 12:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 13:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 15:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 00:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 0:49:49.52 ===============