DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 15:33:07.18 on Thu 04/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.48 [GMT -5:00]
AV: CA Anti-Virus *On-access scanning enabled* (Updated)
AV: Windows Live OneCare *On-access scanning enabled* (Outdated)
FW: CA Personal Firewall *enabled*
FW: Windows Live OneCare Firewall *enabled*
============== Running Processes ===============
C:\WINNT\system32\svchost -k DcomLaunch
C:\WINNT\system32\svchost -k rpcss
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k NetworkService
C:\WINNT\system32\svchost.exe -k LocalService
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINNT\system32\mobsync.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA9.EXE
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Documents and Settings\Administrator\My Documents\RCA Detective\RCADetective.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
C:\Documents and Settings\Administrator\My Documents\RCA EasyRip\EZDock.exe
C:\Documents and Settings\Administrator\My Documents\RCA EasyRip\PlayerLoader.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINNT\system32\Defrag.exe
C:\WINNT\system32\DfrgNtfs.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Pop-Up-Blocker]
uRun: [Tweak-XP]
uRun: [TransparentIcons]
uRun: [BlockAds]
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeper.exe" /0
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Drag'n'Drop_Autolaunch] "c:\program files\iomega hotburn\Autolaunch.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IMJPMIG8.1] "c:\winnt\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Easy Dock]
mRun: [74479115] c:\documents and settings\all users.winnt\application data\74479115\74479115.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [
]
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [00287823] c:\documents and settings\all users.winnt\application data\00287823\00287823.exe
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\administrator\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\vcastm~1.lnk - c:\program files\verizon wireless\v cast music\V CAST Music Monitor.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\photag~1.lnk - c:\program files\photags express\Photags AutoDetect.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\winnt\system32\VetRedir.dll
Trusted Zone: identi-tape.com\www
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214968484475
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219851827154
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39532.836875
DPF: {D27CDB6E-AE6D-11CF-96B8-444552680000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 IKFileSec;File Security Driver;c:\winnt\system32\drivers\ikfilesec.sys [2009-4-6 40840]
R0 KmxStart;KmxStart;c:\winnt\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 IKSysFlt;System Filter Driver;c:\winnt\system32\drivers\iksysflt.sys [2009-4-6 66952]
R1 IKSysSec;System Security Driver;c:\winnt\system32\drivers\iksyssec.sys [2009-4-6 81288]
R1 KmxAgent;KmxAgent;c:\winnt\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\winnt\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\winnt\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\winnt\system32\drivers\vet-filt.sys [2009-4-7 26376]
R1 VET-REC;VET File System Recognizer;c:\winnt\system32\drivers\vet-rec.sys [2009-4-7 21128]
R1 VETEFILE;VET File Scan Engine;c:\winnt\system32\drivers\vetefile.sys [2009-4-7 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\winnt\system32\drivers\vetfddnt.sys [2009-4-7 21512]
R1 VETMONNT;VET File Monitor;c:\winnt\system32\drivers\vetmonnt.sys [2009-4-7 32264]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-4-7 144960]
R2 KmxCF;KmxCF;c:\winnt\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\winnt\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2008-8-8 28200]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-6 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-6 1079176]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-4-7 242952]
R3 KmxCfg;KmxCfg;c:\winnt\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\winnt\system32\drivers\veteboot.sys [2009-4-7 108368]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2008-3-25 66591]
S3 hpoid407;IEEE-1284.4 Driver hpoid407;c:\winnt\system32\drivers\hpoid407.sys [2008-4-30 50480]
S3 hpoius07;USB to IEEE-1284.4 Translation Driver hpoius07;c:\winnt\system32\drivers\hpoius07.sys [2008-4-30 18960]
=============== Created Last 30 ================
2009-04-09 10:56 22 a------- c:\winnt\system32\access.tmp
2009-04-07 19:38 --d----- c:\docume~1\alluse~1.win\applic~1\00287823
2009-04-07 18:45 --d----- c:\docume~1\alluse~1.win\applic~1\00335602
2009-04-07 17:21 --d----- c:\docume~1\alluse~1.win\applic~1\00358745
2009-04-07 07:53 --d----- c:\docume~1\alluse~1.win\applic~1\00470306
2009-04-07 04:56 --d----- c:\docume~1\alluse~1.win\applic~1\00302565
2009-04-07 02:21 --d----- c:\docume~1\alluse~1.win\applic~1\00486289
2009-04-07 02:02 --d----- c:\winnt\CAVTemp
2009-04-07 01:30 108,368 a------- c:\winnt\system32\drivers\veteboot.sys
2009-04-07 01:30 880,560 a------- c:\winnt\system32\drivers\vetefile.sys
2009-04-07 01:18 32,264 a------- c:\winnt\system32\drivers\vetmonnt.sys
2009-04-07 01:18 21,512 a------- c:\winnt\system32\drivers\vetfddnt.sys
2009-04-07 01:18 26,376 a------- c:\winnt\system32\drivers\vet-filt.sys
2009-04-07 01:18 21,128 a------- c:\winnt\system32\drivers\vet-rec.sys
2009-04-07 01:18 79,424 a------- c:\winnt\system32\vetredir.dll
2009-04-07 01:18 75,016 a------- c:\winnt\system32\isafprod.dll
2009-04-07 01:18 99,592 a------- c:\winnt\system32\isafeif.dll
2009-04-07 01:14 --d----- c:\program files\common files\Scanner
2009-04-07 01:12 --d----- c:\docume~1\alluse~1.win\applic~1\CA
2009-04-07 01:11 --d----- c:\program files\CA
2009-04-06 21:26 81,288 a------- c:\winnt\system32\drivers\iksyssec.sys
2009-04-06 21:26 66,952 a------- c:\winnt\system32\drivers\iksysflt.sys
2009-04-06 21:26 40,840 a------- c:\winnt\system32\drivers\ikfilesec.sys
2009-04-06 21:26 29,576 a------- c:\winnt\system32\drivers\kcom.sys
2009-04-06 21:26 --d----- c:\program files\Spyware Doctor
2009-04-06 21:26 --d----- c:\docume~1\admini~1\applic~1\PC Tools
2009-04-06 20:44 --d----- c:\docume~1\admini~1\applic~1\GetRightToGo
2009-04-06 19:48 --d----- c:\docume~1\alluse~1.win\applic~1\00057903
2009-04-06 19:24 324,608 a------- c:\winnt\unSpySweeper.exe
2009-04-06 19:24 --d----- c:\program files\Webroot
2009-04-06 18:44 --d----- c:\docume~1\alluse~1.win\applic~1\74479115
2009-03-12 11:10 --d----- c:\program files\Bonjour
==================== Find3M ====================
2009-02-09 06:13 1,846,784 a------- c:\winnt\system32\win32k.sys
2008-03-26 01:30 21,952 a---h--- c:\program files\folder.htt
2008-03-26 01:30 271 ---sh--- c:\program files\desktop.ini
2008-11-02 23:11 32,768 a--sh--- c:\winnt\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110220081103\index.dat
============= FINISH: 15:40:06.72 ===============