DDS (Ver_09-03-16.01) - NTFSx86
Run by Kent at 17:51:23.03 on Thu 04/30/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.495 [GMT -7:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\AOL\1124326641\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
svchost.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\program files\common files\aol\1124326641\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1124326641\EE\aolsoftware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\dds.scr
============== Pseudo HJT Report ===============
uStart Page =
hxxp://www.google.com/ig?hl=enuSearch Page =
hxxp://www.google.comuSearch Bar =
hxxp://www.google.com/iemDefault_Page_URL =
hxxp://www.sony.com/vaiopeoplemSearch Page =
mStart Page =
hxxp://www.yahoo.com/mSearch Bar =
hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.htmluInternet Connection Wizard,ShellNext =
hxxp://www.sony.com/vaiopeopleuSearchURL,(Default) =
hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.commSearchAssistant =
hxxp://www.google.com/ieBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1124326641\ee\AOLSoftware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\kent\startm~1\programs\startup\trueas~1.lnk - c:\program files\trueassistant\TrueAssistant.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet v series\bin\hpoant07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Transfer by Image Converter 2 - c:\program files\sony\image converter 2\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} -
hxxp://office.microsoft.com/templates/ieawsdc.cabDPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -
hxxps://webdl.symantec.com/activex/symdlmgr.cabDPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} -
hxxps://www.digitaldocs.cc/GetDocs/cab/svinstall_a_stat.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
hxxps://pmicoaching.webex.com/client/v_mywebex-t20/webex/ieatgpc.cabNotify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-30 64160]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 105632]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-3 105632]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-25 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090430.018\NAVENG.SYS [2009-4-30 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090430.018\NAVEX15.SYS [2009-4-30 876144]
S2 gupdate1c99db1744cfb95;Google Update Service (gupdate1c99db1744cfb95);c:\program files\google\update\GoogleUpdate.exe [2009-3-5 133104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-1-15 1087680]
=============== Created Last 30 ================
2009-04-30 17:32
--d----- c:\docume~1\kent\applic~1\Malwarebytes
2009-04-30 17:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-30 17:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 17:32 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-30 17:32 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-30 16:55 --d----- c:\program files\Trend Micro
2009-04-30 07:45 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-30 07:23 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-30 07:21 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-30 07:21 --d----- c:\program files\Lavasoft
2009-04-29 14:52 14,848 a------- c:\windows\system32\DL32.exe
2009-04-15 06:53 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 06:53 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 06:53 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
==================== Find3M ====================
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 01:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 01:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2005-11-05 23:57 184,320 a------- c:\documents and settings\kent\atcliun.exe
2005-11-05 23:57 98,304 a------- c:\documents and settings\kent\atgpcext.dll
2005-11-05 23:57 28,672 a------- c:\documents and settings\kent\atgpcdec.dll
2005-11-05 23:56 110,592 a------- c:\documents and settings\kent\atmgr.exe
2005-11-05 23:56 86,016 a------- c:\documents and settings\kent\ieatgpc.dll
2005-11-05 23:56 28,672 a------- c:\documents and settings\kent\atwbxdet.dll
============= FINISH: 17:52:03.76 ===============