DDS (Ver_09-12-01.01) - NTFSx86
Run by mikea at 19:13:56.32 on Tue 12/22/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2757 [GMT -6:00]
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\gtwatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\mikea\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080119
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
mRun: [Gtwatch] c:\windows\gtwatch.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli dirovura.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\mikea\applic~1\mozilla\firefox\profiles\hslfkw88.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4080119
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1101000.013\SymDS.sys [2009-12-18 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1101000.013\SymEFA.sys [2009-12-18 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\bashdefs\20091013.001\BHDrvx86.sys [2009-12-18 508976]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1101000.013\cchpx86.sys [2009-12-18 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1101000.013\Ironx86.sys [2009-12-18 114736]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\ipsdefs\20090911.001\IDSxpx86.sys [2009-12-18 329080]
S2 NIS;Norton Internet Security;"c:\program files\norton internet security\engine\17.1.0.19\ccsvchst.exe" /s "nis" /m "c:\program files\norton internet security\engine\17.1.0.19\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\17.1.0.19\ccSvcHst.exe [?]
S3 GT681x;%GrandTechICNameNT%;c:\windows\system32\drivers\gt681x.sys --> c:\windows\system32\drivers\GT681x.SYS [?]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20091020.006\NAVENG.SYS [2009-12-18 84912]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.1.0.19\definitions\virusdefs\20091020.006\NAVEX15.SYS [2009-12-18 1323568]
=============== Created Last 30 ================
2009-12-23 00:20:56 0 d-sha-r- C:\cmdcons
2009-12-23 00:12:42 77312 ----a-w- c:\windows\MBR.exe
2009-12-23 00:12:42 261632 ----a-w- c:\windows\PEV.exe
2009-12-23 00:12:36 0 d-s---w- C:\ComboFix
2009-12-23 00:07:17 389120 ----a-w- c:\windows\system32\CF22897.exe
2009-12-23 00:03:56 0 d-----w- c:\program files\Trend Micro
2009-12-21 21:22:13 0 d-----w- c:\docume~1\alluse~1\applic~1\HotbarSA
2009-12-21 21:22:12 0 d-----w- c:\docume~1\mikea\applic~1\WeatherDPA
2009-12-21 21:22:11 0 d-----w- c:\docume~1\mikea\applic~1\Hotbar
2009-12-21 20:42:31 0 d-----w- c:\program files\VS Revo Group
2009-12-21 20:16:52 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-21 20:16:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-21 17:56:01 230 ----a-w- c:\windows\system32\spupdsvc.inf
2009-12-19 22:49:23 0 d--h--w- C:\$AVG
2009-12-19 21:59:40 98816 ----a-w- c:\windows\sed.exe
2009-12-19 21:59:40 161792 ----a-w- c:\windows\SWREG.exe
2009-12-19 21:59:29 389120 ----a-w- c:\windows\system32\CF3390.exe
2009-12-19 21:55:05 0 d-----w- c:\docume~1\mikea\applic~1\AVG8
2009-12-19 21:24:23 0 d-----w- c:\docume~1\mikea\applic~1\Malwarebytes
2009-12-19 21:24:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 21:24:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 21:24:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 21:24:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-18 23:12:14 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-18 23:12:14 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-18 23:12:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-18 23:12:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-18 23:12:14 0 d-----w- c:\program files\Symantec
2009-12-18 23:11:36 0 d-----w- c:\windows\system32\drivers\NIS
2009-12-18 23:06:20 0 d-----w- c:\docume~1\alluse~1\applic~1\PCSettings
2009-12-18 23:04:53 0 d-----w- c:\program files\NortonInstaller
2009-12-18 23:04:53 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-12-14 21:08:13 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-14 21:07:01 0 d-----w- c:\windows\system32\LogFiles
2009-12-11 22:16:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-12-07 15:43:25 0 d-----w- C:\978acfedc8f2e9c290ce20acd1132192
2009-12-07 15:42:40 0 d-----w- C:\7b50ad4b04f14b9d4ac64755
2009-12-05 17:36:31 0 d-----w- C:\f2d0557a544460edc85b71
2009-12-05 17:35:34 0 d-----w- C:\f8e2b187ec654c5417
2009-12-03 18:03:37 0 d-----w- C:\30d05a8c962d2c2f9e
2009-12-03 18:02:45 0 d-----w- C:\f970645c79266f69bf36
2009-11-30 15:56:12 0 d-----w- C:\cebc6a6bca7a121ac21424868135f7
2009-11-30 15:55:49 0 d-----w- C:\1b29bac808a1e5fa71bc72fb
==================== Find3M ====================
2009-10-29 07:46:55 52224 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-29 07:46:55 459264 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-29 07:46:54 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-29 07:46:54 268288 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-29 07:46:51 63488 ------w- c:\windows\system32\dllcache\icardie.dll
2009-10-29 07:46:51 380928 ------w- c:\windows\system32\dllcache\ieapfltr.dll
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-03-12 12:13:06 5154304 ----a-w- c:\program files\WindowsDefender.msi
2008-12-12 13:14:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121220081213\index.dat
============= FINISH: 19:14:31.48 ===============