DDS (Version 1.1.0) - NTFSx86
Run by sewall at 22:52:34.66 on Tue 01/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.97 [GMT -5:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WholeSecurity\Enterprise Edition\WSService2K.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WholeSecurity\Enterprise Edition\EnterpriseRA.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\OpenAFS\Client\Program\afscreds.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\sewall\Local Settings\Temporary Internet Files\Content.IE5\YFWDCXEX\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.unc.edu/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
mRun: [RA_XP] c:\program files\wholesecurity\enterprise edition\EnterpriseRA.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\afscre~1.lnk - c:\program files\openafs\client\program\afscreds.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
TCP: {CAD24AD6-C81A-4787-8CB9-9A75B39A4809} = 152.2.22.208,152.2.22.214
Notify: AfsLogon - c:\windows\system32\afslogon.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli csspwntfye
================= FIREFOX ===================
FF - ProfilePath -
ATTENTION: FIREFOX POLICIES ARE IN FORCE
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("signon.prefillForms", true);
============= SERVICES / DRIVERS ===============
R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2005-12-21 6912]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-5 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\naveng.sys [2009-1-6 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090106.004\navex15.sys [2009-1-6 876112]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R4 ConfidenceOnlineEE;Confidence Online™ for Corporate PCs;c:\program files\wholesecurity\enterprise edition\WSService2K.exe [2005-9-13 1205864]
R4 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-12-21 12544]
R4 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-11-15 46142]
R4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-6-6 116928]
R4 smi2;smi2;c:\program files\smi2\smi2.sys [2005-12-21 3968]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-6-6 1821376]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
=============== Created Last 30 ================
2009-01-06 22:14 0 a------- c:\windows\VPC32.INI
==================== Find3M ====================
2009-01-04 04:52 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2009-01-04 04:52 28,672 a------- c:\windows\system32\drivers\CO_Mon.sys
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 05:37 659,456 a------- c:\windows\system32\wininet.dll
============= FINISH: 22:54:02.41 ===============
Edited by Orange Blossom, 11 February 2013 - 03:46 AM.
Deactivate link. ~ OB