DDS.txt
DDS (Ver_10-11-01.01) - NTFSx86
Run by Ownmer at 20:36:39.27 on Tue 11/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1215 [GMT -5:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\CISVC.EXE
C:\Program Files\xwenerww\xwenerww.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\Program Files\xwenerww\xwenerww.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Autorun Eater\billy.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Ownmer\Desktop\dds.scr
C:\windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.elrideintl.net/main/forumv4/viewforum.php?f=9&sid=9faa9b51efacb8cee9357f83184ebc82
uDefault_Page_URL = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/ig/
mDefault_Page_URL = hxxp://www.google.com/ig/
mStart Page = hxxp://www.google.com/ig/
mSearch Page = hxxp://www.google.com/ig/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [Autorun Eater] c:\program files\autorun eater\oldmcdonald.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: DisableStartupSound = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: 659636B69656 = 208.67.222.222,208.67.220.220
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\ownmer\appdata\roaming\mozilla\firefox\profiles\34tor85i.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62781&p=
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\ownmer\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-11-1 32008]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-11-1 76440]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-1 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-1 60936]
R2 CSIScanner;CSIScanner;c:\program files\xwenerww\xwenerww.exe [2010-11-1 6415608]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-1-23 9472]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-11-1 26096]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-11-26 167936]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-10-31 35816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-10-31 24416]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-26 171008]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-28 1343400]
S4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-26 135664]
S4 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-15 1153368]
S4 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-11-26 51512]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
=============== Created Last 30 ================
2010-11-02 10:11:26 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{227381be-3bc6-4dbc-b869-4b1b0d334c0f}\mpengine.dll
2010-11-02 08:36:40 388096 ----a-r- c:\users\ownmer\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-02 06:31:46 -------- d-----w- c:\users\ownmer\appdata\roaming\Avira
2010-11-02 02:37:09 -------- d-----w- c:\program files\Safer Networking
2010-11-02 02:24:17 76440 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-11-02 02:24:17 71880 ----a-w- c:\windows\system32\PxSecure.dll
2010-11-02 02:24:17 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-11-02 02:24:16 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-11-02 02:24:16 -------- d-----w- c:\program files\xwenerww
2010-11-02 02:23:54 -------- d-----w- c:\progra~2\PrevxCSI
2010-11-01 20:18:13 -------- d-----w- c:\users\ownmer\appdata\local\ChemTable Software
2010-11-01 19:59:11 -------- d-----w- c:\program files\RegCleaner
2010-11-01 19:48:52 -------- d-----w- c:\users\ownmer\appdata\roaming\ChemTable Software
2010-11-01 19:48:18 -------- d-----w- c:\program files\Reg Organizer
2010-11-01 17:39:38 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-01 17:39:38 -------- d-----w- c:\program files\Avira
2010-11-01 17:39:38 -------- d-----w- c:\progra~2\Avira
2010-11-01 05:27:58 -------- d-----w- c:\progra~2\Autorun Eater
2010-11-01 05:27:49 -------- d-----w- c:\program files\Autorun Eater
2010-11-01 05:13:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-01 05:13:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-01 04:11:23 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-11-01 04:10:54 -------- d-----w- c:\windows\RestoreSafeDeleted
2010-11-01 01:15:38 6146896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{a27d6fbc-dfa1-419a-bc5b-9043415b2b2f}\mpengine.dll
2010-10-31 21:54:45 2 --shatr- c:\windows\winstart.bat
2010-10-31 21:54:20 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-10-31 21:54:20 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-10-31 21:53:58 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-10-31 21:53:32 -------- d-----w- c:\program files\UnHackMe
2010-10-31 21:52:50 -------- d-----w- c:\users\ownmer\unhackme
2010-10-31 21:18:34 -------- d-----w- c:\program files\Trend Micro
2010-10-27 16:01:21 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 16:01:21 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 16:01:21 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 16:01:16 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-26 04:03:31 -------- d-----w- c:\program files\Bonjour
2010-10-25 17:38:39 -------- d-----w- c:\users\ownmer\appdata\roaming\Windows Live Writer
2010-10-25 17:38:39 -------- d-----w- c:\users\ownmer\appdata\local\Windows Live Writer
2010-10-24 18:19:08 -------- d-----w- c:\users\ownmer\appdata\local\Windows Live
2010-10-24 18:17:22 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-24 18:17:21 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-24 18:17:20 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-24 16:40:55 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-10-24 16:39:59 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2010-10-24 16:37:59 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-10-23 22:58:13 -------- d-----w- c:\windows\system32\directx
2010-10-23 19:21:38 -------- d-----w- c:\program files\The Weather Channel FW
2010-10-23 19:21:25 -------- d-----w- c:\users\ownmer\appdata\local\The Weather Channel
2010-10-13 10:04:57 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 10:04:55 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 10:04:53 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 10:04:51 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 10:04:51 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 10:04:45 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 10:04:44 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 10:04:44 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 10:04:44 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 10:04:44 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 10:04:43 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
==================== Find3M ====================
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-21 19:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 20:37:58.16 ===============