DDS (Ver_10-03-17.01) - NTFSx86
Run by Todd at 21:12:38.48 on Sun 08/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.92 [GMT -4:00]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Todd\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://aimhome.netscape.com/aimhome.adp
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\todd\startm~1\programs\startup\anapod~1.lnk - c:\program files\red chair software\anapod explorer\anamgr.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\windows\system32\xdce.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272588712937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\todd\applic~1\mozilla\firefox\profiles\l1ty1xsv.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-7 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-8-5 217032]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-8-5 112592]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-8-5 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-8-5 1142224]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-1 1822296]
R2 TCPIP Pass-through Filter;TCPIP Pass-through Filter;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-6 102448]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-1-25 200576]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100808.003\NAVENG.SYS [2010-8-8 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100808.003\NAVEX15.SYS [2010-8-8 1362608]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000xp.sys [2010-7-14 829152]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-12-2 23888]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-8-1 816672]
=============== Created Last 30 ================
2010-08-08 04:38:45 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-08 04:38:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-08 02:23:11 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-07 22:38:35 0 d-----w- c:\program files\Panda Security
2010-08-07 00:19:12 0 d-----w- C:\VT-SEPVersion
2010-08-07 00:10:32 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-07 00:10:32 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-07 00:10:32 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-07 00:10:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-07 00:09:34 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-08-07 00:09:34 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-08-07 00:08:34 0 d-----w- c:\program files\Symantec
2010-08-07 00:01:55 0 d-----w- c:\windows\system32\appmgmt
2010-08-06 23:51:38 0 d-----w- c:\program files\Trend Micro
2010-08-05 23:01:06 0 d-----w- c:\docume~1\todd\applic~1\Malwarebytes
2010-08-05 22:59:48 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-05 22:59:47 882 ----a-w- c:\windows\RegSDImport.xml
2010-08-05 22:59:47 879 ----a-w- c:\windows\RegISSImport.xml
2010-08-05 22:59:47 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-05 22:59:47 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-05 22:59:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-05 22:59:47 131 ----a-w- c:\windows\IDB.zip
2010-08-05 22:59:47 1152444 ----a-w- c:\windows\UDB.zip
2010-08-05 22:59:39 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-08-05 22:59:39 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-05 22:58:52 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-05 22:58:52 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-08-05 22:58:52 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-08-05 22:58:52 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-05 22:58:29 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-08-05 22:58:29 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-05 22:58:18 0 d-----w- c:\program files\Spyware Doctor
2010-08-05 22:58:18 0 d-----w- c:\program files\common files\PC Tools
2010-08-05 22:58:18 0 d-----w- c:\docume~1\todd\applic~1\PC Tools
2010-08-05 22:58:18 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-08-05 22:57:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-05 22:57:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-05 22:57:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-05 22:57:17 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-05 01:19:15 8192 ----a-w- c:\windows\system32\apxg.dll
2010-08-05 01:06:55 8192 ----a-w- c:\windows\system32\jsvrumd.dll
2010-08-04 23:59:02 8192 ----a-w- c:\windows\system32\ahnkm.dll
2010-08-04 23:54:27 54 ----a-w- c:\windows\lsrslt.ini
2010-08-04 23:53:35 8192 ----a-w- c:\windows\system32\xdce.dll
2010-08-04 23:53:30 782336 ----a-w- c:\windows\system32\drivers\czkzg.sys
2010-08-04 23:53:27 19456 ----a-w- c:\windows\system32\msippsth.dll
2010-08-04 01:54:36 27958 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Shorten Codec.bmp
2010-08-04 01:54:36 1331 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Shorten Codec.dat
2010-08-04 01:51:38 27958 ----a-w- c:\windows\system32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.bmp
2010-08-04 01:51:38 2467 ----a-w- c:\windows\system32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.dat
2010-08-04 01:51:22 27958 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP mp3PRO Input Codec.bmp
2010-08-04 01:51:22 2074 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP mp3PRO Input Codec.dat
2010-08-04 01:51:07 27958 ----a-w- c:\windows\system32\SpoonUninstall-dMC Generic CLI Encoder.bmp
2010-08-04 01:51:07 2146 ----a-w- c:\windows\system32\SpoonUninstall-dMC Generic CLI Encoder.dat
2010-08-04 01:40:33 27958 ----a-w- c:\windows\system32\SpoonUninstall-dMC Power Pack.bmp
2010-08-04 01:40:33 10841 ----a-w- c:\windows\system32\SpoonUninstall-dMC Power Pack.dat
2010-08-04 01:39:46 36104 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2010-08-04 01:39:46 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2010-08-01 22:40:28 816672 ----a-w- c:\windows\system32\drivers\rt2870.sys
2010-07-22 04:14:22 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-22 04:13:54 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-15 04:07:34 0 d--h--w- c:\windows\PIF
2010-07-15 03:26:06 829152 ----a-w- c:\windows\system32\drivers\ae1000xp.sys
2010-07-15 03:26:06 226592 ----a-w- c:\windows\system32\RaCoInst.dll
2010-07-15 03:26:06 13931 ----a-w- c:\windows\system32\RaCoInst.dat
==================== Find3M ====================
2010-08-04 01:54:36 167424 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-08-04 01:52:49 2656 ----a-w- c:\windows\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2010-08-04 01:10:29 2228 ----a-w- c:\windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2010-08-04 01:08:36 8457 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-07-07 00:25:43 13132 ---ha-w- c:\windows\system32\mlfcache.dat
============= FINISH: 21:14:00.92 ===============