DDS (Ver_09-02-01.01) - NTFSx86 Run by Mark at 1:10:18.96 on Wed 04/02/2009 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.345 [GMT 10.5:30] AV: CA Anti-Virus *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CA\CA Internet Security Suite\casc.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Mark\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.msn.com.au/ uInternet Connection Wizard,ShellNext = iexplore BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll TB: {119DBEDA-9C41-4F97-94B4-B6BCD01133CF} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [PowerBar] uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe" uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe" uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe" mRun: [cctray] c:\program files\ca\ca internet security suite\casc.exe mRun: [ControlCenter2.0] "c:\program files\brother\controlcenter2\brctrcen.exe" /autorun mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [PC Pitstop Optimize Scheduler] c:\program files\pcpitstop\optimize\PCPOptimize.exe -boot mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [eBayToolbar] c:\program files\ebay\ebay toolbar2\eBayTBDaemon.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [SPAMfighter Agent] "c:\program files\spamfighter\SFAgent.exe" update delay 60 mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe StartupFolder: c:\docume~1\mark\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll LSP: c:\windows\system32\VetRedir.dll DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130302635427 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166695084796 DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://mail.desert.com.au/Remote/msrdp.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab DPF: {FE8400F2-C848-4379-989F-DF2ED39040BE} - hxxp://www.rsvp.com.au/chat/RSVPChat.cab DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: PFW - UmxWnp.Dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\2ur1jcbz.default\ FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll ============= SERVICES / DRIVERS =============== R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-10-21 107000] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-25 64160] R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-8-6 72184] R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-12-9 26352] R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-12-9 21104] R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-12-9 880560] R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-12-9 21488] R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-12-9 161008] R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2008-12-9 144696] R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2008-12-9 128240] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-19 942416] R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\sfus.exe [2009-1-28 184968] R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-9-10 1141240] R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-10-21 801272] R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-9-2 289272] R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2008-12-9 292080] R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-10-21 203768] R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-12-9 108368] S2 FSIHS;F-Secure Installer restarter;"c:\docume~1\mark\locals~1\temp\installer\00000001\bootstrap\fsihs.exe" --> c:\docume~1\mark\locals~1\temp\installer\00000001\bootstrap\fsihs.exe [?] S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-19 33752] =============== Created Last 30 ================ 2009-02-04 00:56 --d----- C:\_OTMoveIt 2009-02-04 00:13 --d----- c:\docume~1\mark\applic~1\Malwarebytes 2009-02-04 00:13 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-02-04 00:13 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-04 00:13 --d----- c:\program files\Malwarebytes' Anti-Malware 2009-02-04 00:13 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-02-03 22:52 250 a------- c:\windows\gmer.ini 2009-01-30 15:06 --d----- c:\program files\common files\Application 2009-01-26 01:37 15,688 a------- c:\windows\system32\lsdelete.exe 2009-01-25 20:02 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-01-25 17:47 -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-20 23:07 --d----- c:\program files\Trend Micro 2009-01-16 23:38 54,156 a---h--- c:\windows\QTFont.qfn 2009-01-16 23:38 1,409 a------- c:\windows\QTFont.for ==================== Find3M ==================== 2009-01-24 06:31 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys 2009-01-24 06:31 111,856 a------- c:\windows\system32\isafprod.dll 2009-01-24 06:31 26,352 a------- c:\windows\system32\drivers\vet-filt.sys 2009-01-24 06:31 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys 2009-01-24 06:31 21,104 a------- c:\windows\system32\drivers\vet-rec.sys 2009-01-04 10:44 3,796 a------- c:\windows\system32\d3d9caps.dat 2008-12-11 21:27 333,952 a------- c:\windows\system32\drivers\srv.sys 2008-12-09 20:08 880,560 a------- c:\windows\system32\drivers\vetefile.sys 2008-12-09 20:08 108,368 a------- c:\windows\system32\drivers\veteboot.sys 2008-12-09 19:47 218,424 a------- c:\windows\system32\isafserv.dll 2008-12-09 19:47 144,696 a------- c:\windows\system32\isafe.exe 2008-12-09 19:47 107,760 a------- c:\windows\system32\isafinst.exe 2008-12-09 19:31 32,240 a------- c:\windows\system32\drivers\vetmonnt.1 2008-12-09 19:31 21,488 a------- c:\windows\system32\drivers\vetfddnt.1 2008-12-02 19:49 5,120 a--sh--- c:\program files\Thumbs.db 2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll 2008-10-17 21:32 87,608 a------- c:\docume~1\mark\applic~1\inst.exe 2008-10-17 21:32 47,360 a------- c:\docume~1\mark\applic~1\pcouffin.sys 2008-02-25 21:48 441 a------- c:\program files\regfav.ini 2008-02-25 21:48 96 a------- c:\program files\lang.ini 2008-02-25 21:48 17 a------- c:\program files\history.txt 2008-02-25 21:31 86 a------- c:\program files\autoclean.ini 2006-10-20 13:34 3,317 a------- c:\program files\RegHist.txt 2006-10-20 10:58 377,856 a------- c:\program files\RegSeeker.exe 2006-10-20 09:58 7,137 a------- c:\program files\FlashPlayer9.reg 2006-10-11 13:34 2,171 a------- c:\program files\exclude.ini 2006-10-11 13:34 1,442 a------- c:\program files\README.txt 2006-09-19 11:14 37,376 a------- c:\program files\Order.doc 2006-06-26 11:52 13,507 a------- c:\program files\license.rtf 2005-11-05 11:15 531 a------- c:\program files\mycookies.ini 2005-11-05 11:15 318 a------- c:\program files\shortarrow.ico 2005-11-05 11:15 298 a------- c:\program files\FixAddRemove.reg 2005-11-03 11:05 774,144 a------- c:\program files\RngInterstitial.dll 2004-03-11 14:27 40,960 a------- c:\program files\Uninstall_CDS.exe 2002-09-12 00:56 63,730 a------- c:\program files\viewsonicinstruct_xp.pdf 2008-09-09 21:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090920080910\index.dat ============= FINISH: 1:11:18.49 ===============