DDS (Ver_09-01-19.01) - NTFSx86
Run by Mace123 at 14:41:59.10 on Sun 01/25/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.450 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Greg Masie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Greg Masie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Greg Masie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Greg Masie\My Documents\Downloads\dds.scr
C:\Documents and Settings\Greg Masie\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Google Update] "c:\documents and settings\greg masie\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
mRun: [ChangeResolution] c:\hp\bin\ChangeResolution.exe
mRun: [Home Theater SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [WINREMOTE] "c:\program files\intervideo\common\bin\WinRemote.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [1640814211] "c:\documents and settings\all users\application data\1260062919\1640814211.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\gregma~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\msn toolbar suite\ds\02.05.0001.1119\en-us\bin\WindowsSearch.exe
IE: &MSN Search - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - hxxp://ispe.sdc.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: bbfaeededfbfcddc - c:\windows\system32\bbfaeededfbfcddc.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-2 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090125.005\NAVENG.SYS [2009-1-25 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090125.005\NAVEX15.SYS [2009-1-25 876112]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-31 1245064]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 pciinfo;HP Pci Information;\??\c:\docume~1\gregma~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\gregma~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]

=============== Created Last 30 ================

2009-01-25 12:31 --d----- c:\program files\Trend Micro
2009-01-21 18:46 --d----- C:\VundoFix Backups
2009-01-21 17:58 --d----- c:\program files\Spybot - Search & Destroy
2009-01-21 17:58 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-20 20:41 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-20 20:40 0 a------- c:\windows\system32\REN71.tmp
2009-01-20 20:40 0 a------- c:\windows\system32\REN70.tmp
2009-01-20 20:40 0 a------- c:\windows\system32\REN6F.tmp
2009-01-20 20:32 --d----- c:\documents and settings\greg masie\.SunDownloadManager
2009-01-20 18:10 --d----- c:\docume~1\gregma~1\applic~1\Malwarebytes
2009-01-20 18:10 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-20 18:10 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 18:19 --d----- c:\windows\ie8updates
2009-01-12 20:55 --dsh--- c:\documents and settings\greg masie\PrivacIE
2009-01-12 20:45 -cd-h--- c:\windows\ie8
2009-01-12 20:13 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-30 10:48 --d----- c:\program files\Norton Security Scan
2008-12-29 18:35 --d----- c:\windows\system32\Adobe
2008-12-29 12:41 --d----- c:\program files\iPod
2008-12-29 12:41 --d----- c:\program files\iTunes
2008-12-29 12:41 --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2009-01-22 17:18 200,208 a------- c:\windows\system32\vumer.dll
2009-01-11 12:17 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-11 12:17 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-11 12:17 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-11 12:17 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-14 06:59 5,699,584 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 03:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 03:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2007-08-30 09:15 0 a------- c:\docume~1\gregma~1\applic~1\wklnhst.dat
2006-09-20 19:01 90,112 a------- c:\documents and settings\greg masie\IDHWTSS1.dll
2006-09-20 19:01 81,920 a------- c:\documents and settings\greg masie\hobjni.dll
2006-09-07 19:29 36,868 a------- c:\documents and settings\greg masie\PrtDLL.dll
2008-09-02 18:26 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090220080903\index.dat

============= FINISH: 14:42:32.84 ===============