DDS (Ver_10-03-17.01) - NTFSx86
Run by nguyen01 at 12:46:41.88 on Thu 08/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1116 [GMT -5:00]
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\nguyen01\Desktop\dds.scr
============== Pseudo HJT Report ===============
uWindow Title = Windows Internet Explorer provided by ALPLA Corporate IT
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRunServices: [SoftwareSoftwareUpdateFilesLocalized] c:\program files\apple software update\softwareupdatefiles.resources\ru.lproj\updatesoftwareupdatefileslocalized.exe
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: c:\docume~1\nguyen01\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = aim.exe
uPolicies-disallowrun: 2 = aimster.exe
uPolicies-disallowrun: 3 = aol.exe
uPolicies-disallowrun: 4 = aol.exe
uPolicies-disallowrun: 5 = aolbrowser.exe
uPolicies-disallowrun: 6 = aolbrowser.exe
uPolicies-disallowrun: 7 = ares.exe
uPolicies-disallowrun: 8 = audio galaxy.exe
uPolicies-disallowrun: 9 = audiognome.exe
uPolicies-disallowrun: 10 = avant.exe
uPolicies-disallowrun: 11 = avant.exe
uPolicies-disallowrun: 12 = azureus.exe
uPolicies-disallowrun: 13 = bearshare.exe
uPolicies-disallowrun: 14 = blubster.exe
uPolicies-disallowrun: 15 = bt++.exe
uPolicies-disallowrun: 16 = btdownloadgui.exe
uPolicies-disallowrun: 17 = buddyizer.exe
uPolicies-disallowrun: 18 = chrome.exe
uPolicies-disallowrun: 19 = chrome.exe
uPolicies-disallowrun: 20 = directconnect.exe
uPolicies-disallowrun: 21 = edonkey.exe
uPolicies-disallowrun: 22 = emule.exe
uPolicies-disallowrun: 23 = filetopia.exe
uPolicies-disallowrun: 24 = filetopia.exe
uPolicies-disallowrun: 25 = firefox.exe
uPolicies-disallowrun: 26 = firefox.exe
uPolicies-disallowrun: 27 = firefreedom.exe
uPolicies-disallowrun: 28 = flock.exe
uPolicies-disallowrun: 29 = flock.exe
uPolicies-disallowrun: 30 = gator.exe
uPolicies-disallowrun: 31 = gdonkey.exe
uPolicies-disallowrun: 32 = gnotella.exe
uPolicies-disallowrun: 33 = gnutella.exe
uPolicies-disallowrun: 34 = gnutellalite.exe
uPolicies-disallowrun: 35 = grabit.exe
uPolicies-disallowrun: 36 = grokster.exe
uPolicies-disallowrun: 37 = icq.exe
uPolicies-disallowrun: 38 = imesh.exe
uPolicies-disallowrun: 39 = imeshclient.exe
uPolicies-disallowrun: 40 = kazaa.exe
uPolicies-disallowrun: 41 = kazaalit.exe
uPolicies-disallowrun: 42 = kazaalite.exe
uPolicies-disallowrun: 43 = k-meleon.exe
uPolicies-disallowrun: 44 = k-meleon.exe
uPolicies-disallowrun: 45 = ktscrt.exe
uPolicies-disallowrun: 46 = kxx.exe
uPolicies-disallowrun: 47 = limewire.exe
uPolicies-disallowrun: 48 = lynx.exe
uPolicies-disallowrun: 49 = lynx.exe
uPolicies-disallowrun: 50 = mirc.exe
uPolicies-disallowrun: 51 = morpheus.exe
uPolicies-disallowrun: 52 = mozilla.exe
uPolicies-disallowrun: 53 = mozilla.exe
uPolicies-disallowrun: 54 = napigator.exe
uPolicies-disallowrun: 55 = napster.exe
uPolicies-disallowrun: 56 = netscape.exe
uPolicies-disallowrun: 57 = netscape.exe
uPolicies-disallowrun: 58 = netscp.exe
uPolicies-disallowrun: 59 = netscp.exe
uPolicies-disallowrun: 60 = opera.exe
uPolicies-disallowrun: 61 = opera.exe
uPolicies-disallowrun: 62 = overnet.exe
uPolicies-disallowrun: 63 = p2pautostart.exe
uPolicies-disallowrun: 64 = piolet.exe
uPolicies-disallowrun: 65 = safari.exe
uPolicies-disallowrun: 66 = safari.exe
uPolicies-disallowrun: 67 = SbiCtr.exe
uPolicies-disallowrun: 68 = seamonkey.exe
uPolicies-disallowrun: 69 = seamonkey.exe
uPolicies-disallowrun: 70 = slsk.exe
uPolicies-disallowrun: 71 = songspy.exe
uPolicies-disallowrun: 72 = swapnutinstall.exe
uPolicies-disallowrun: 73 = winmx.exe
uPolicies-disallowrun: 74 = wrapster.exe
uPolicies-disallowrun: 75 = xolox.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: alpla.net\p2plus
Trusted Zone: p2plus
Trusted Zone: alpla.net\p2plus
Trusted Zone: p2plus
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229023093439
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229023086001
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.194.167/DvrOcx.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-14 343920]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-1-6 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-22 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-1-6 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-1-6 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-16 70728]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-7-1 6016]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-14 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-14 43288]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-16 66600]
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [2008-7-30 10379]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
=============== Created Last 30 ================
2010-08-19 10:37:50 0 d-----w- c:\docume~1\alluse~1\applic~1\GroupPolicy
2010-08-17 16:50:53 120 ----a-w- c:\windows\Hlopowuwuqecuz.dat
2010-08-17 16:50:53 0 ----a-w- c:\windows\Fpenabulez.bin
2010-08-09 20:35:04 54016 ----a-w- c:\windows\system32\drivers\jtbbussw.sys
2010-08-09 19:46:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-09 19:45:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-09 18:30:01 0 d-----w- c:\program files\Trend Micro
2010-08-09 16:07:28 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-08-09 15:34:46 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-09 15:12:11 0 d-----w- c:\docume~1\nguyen01\applic~1\Desktop Security
2010-08-07 12:30:42 0 d-----w- c:\windows\system32\DRM
2010-08-07 10:08:39 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
2010-08-07 10:05:15 100864 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2010-08-07 10:03:16 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-08-07 10:03:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-07 10:02:17 65536 -c----w- c:\windows\system32\dllcache\asycfilt.dll
2010-08-07 04:35:02 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-07 04:34:37 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-08-07 04:28:39 86016 -c----w- c:\windows\system32\dllcache\cabview.dll
==================== Find3M ====================
2008-10-14 16:00:00 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101420081015\index.dat
============= FINISH: 12:48:32.21 ===============
Edited by Orange Blossom, 21 August 2010 - 10:20 PM.
Moved from Malware logs to AII as no logs are included and the prep guide not followed ~Pandy
Moved BACK to log forum as logs were edited in. ~ OB
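A first triage pass over a DDS log like the one above, as an added example (my code, not part of the original post and not the DDS tool's own logic): it splits the log on its "==== Section ====" banners, parses the SERVICES / DRIVERS and Created Last 30 entries, and flags the kinds of lines a log reader looks at first: legacy RunServices autostarts, DPF (ActiveX) controls fetched from a private IP address, orphaned "No File" entries, .sys drivers whose display name is just the service name, and files created loose in %windir% or in system32\drivers within the window. The rule names and heuristics are my assumptions; SAMPLE_LOG is a constructed excerpt of the lines above so the script runs offline. Every hit is a prompt for review, not a verdict: the Malwarebytes and Trend Micro drivers dated 2010-08-09 in this log match the "new kernel driver" rule simply because those tools were installed that day, and an analyst discards them after correlating with the Program Files directories created at the same time.

```python
"""DDS log triage helper (added example; not the original post's or the DDS tool's code).

Heuristics and rule names are this example's own assumptions. SAMPLE_LOG is a
constructed excerpt of the log above so the script runs offline.
"""
import ipaddress
import ntpath
import re
from collections import defaultdict
from urllib.parse import urlparse

BANNER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")           # '==== Section ===='
SERVICE_RE = re.compile(                                  # 'R2 name;display;path [date size]'
    r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$")
CREATED_RE = re.compile(                                  # 'date time size attrs path'
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")
URL_RE = re.compile(r"hxxps?://\S+", re.IGNORECASE)      # DDS defangs http:// as hxxp://


def parse_dds(text):
    """Return {section_name: [lines]}; text before the first banner lands in 'header'."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def parse_services(lines):
    """Yield one dict per 'R2 name;display;path [date size]' service/driver line."""
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, date, size = m.groups()
            yield {"start": start, "name": name, "display": display,
                   "path": path, "date": date, "size": int(size)}


def parse_created(lines):
    """Yield one dict per 'date time size attrs path' entry; attrs starting 'd' is a directory."""
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            when, size, attrs, path = m.groups()
            yield {"when": when, "size": int(size), "attrs": attrs,
                   "path": path, "is_dir": attrs.startswith("d")}


def _private_host(url):
    """True if the (defanged) URL's host is a literal RFC 1918 / private address."""
    host = urlparse(url.lower().replace("hxxp", "http", 1)).hostname or ""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:           # a DNS name, not an IP literal
        return False


def triage(text):
    """Return [(rule, offending_line_or_summary)] for analyst review, in log order."""
    sec = parse_dds(text)
    hits = []
    for line in sec.get("Pseudo HJT Report", []):
        if line.startswith(("mRunServices:", "uRunServices:")):
            hits.append(("legacy RunServices autostart", line))
        elif line.startswith("DPF:"):
            m = URL_RE.search(line)
            if m and _private_host(m.group(0)):
                hits.append(("ActiveX control fetched from a private IP", line))
        elif line.endswith("- No File"):
            hits.append(("orphaned registry entry (No File)", line))
    for svc in parse_services(sec.get("SERVICES / DRIVERS", [])):
        if svc["path"].lower().endswith(".sys") and svc["display"].lower() == svc["name"].lower():
            hits.append(("kernel driver with no descriptive display name",
                         f"{svc['name']} -> {svc['path']}"))
    for f in parse_created(sec.get("Created Last 30", [])):
        if f["is_dir"]:
            continue
        folder, base = ntpath.split(f["path"].lower())
        ext = ntpath.splitext(base)[1]
        if folder == "c:\\windows" and ext in {".dat", ".bin", ".exe", ".dll"}:
            hits.append(("new loose file directly in %windir%", f["path"]))
        elif folder.endswith("\\drivers") and ext == ".sys":
            hits.append(("new kernel driver in the last 30 days", f["path"]))
    return hits


# Constructed excerpt of the DDS log above (a handful of its lines, verbatim).
SAMPLE_LOG = r"""
DDS (Ver_10-03-17.01) - NTFSx86
============== Pseudo HJT Report ===============
mRun: [SoundMan] SOUNDMAN.EXE
mRunServices: [SoftwareSoftwareUpdateFilesLocalized] c:\program files\apple software update\softwareupdatefiles.resources\ru.lproj\updatesoftwareupdatefileslocalized.exe
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://192.168.194.167/DvrOcx.cab
============= SERVICES / DRIVERS ===============
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-14 343920]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-7-1 6016]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
============== Created Last 30 ================
2010-08-19 10:37:50 0 d-----w- c:\docume~1\alluse~1\applic~1\GroupPolicy
2010-08-17 16:50:53 120 ----a-w- c:\windows\Hlopowuwuqecuz.dat
2010-08-09 20:35:04 54016 ----a-w- c:\windows\system32\drivers\jtbbussw.sys
2010-08-07 10:08:39 285696 -c----w- c:\windows\system32\dllcache\atmfd.dll
============= FINISH: 12:48:32.21 ===============
"""

if __name__ == "__main__":
    for rule, what in triage(SAMPLE_LOG):
        print(f"[{rule}] {what}")
```

To run it over the full post, paste the whole log into a file and call `triage(open(path).read())`; the section names are taken from the banners as DDS prints them, so the same parser covers the complete output.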