--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 12, 2009 00:14:00
Records in database: 2163952
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
R:\
Scan statistics:
Files scanned: 60570
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:23:33
No malware has been detected. The scan area is clean.
The selected area was scanned.
----------------------------------------------------------------------------
DDS (Ver_09-03-16.01) - NTFSx86
Run by asmuthw at 18:47:14.82 on Mon 05/11/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.262 [GMT -4:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Outdated)
============== Running Processes ===============
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
svchost.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Symantec\ClientVPN\logservice.exe
C:\Program Files\Symantec\ClientVPN\emroute.exe
C:\WINDOWS\system32\spmonnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SAMSUNG\Easy Button Manager\EasyBtnMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Symantec\ClientVPN\nsetup.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ssstars.scr
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\asmuthw\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.stb.dot.gov/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\Scriptcl.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [EasyButtonManager] c:\program files\samsung\easy button manager\EasyBtnMgr.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\symantec\clientvpn\nsetup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: turbotax.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195060231517
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\asmuthw\applic~1\mozilla\firefox\profiles\1alkgjud.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.newyorktimes.com/
FF - plugin: c:\documents and settings\asmuthw\application data\mozilla\firefox\profiles\1alkgjud.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\asmuthw\application data\mozilla\firefox\profiles\1alkgjud.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071302000002.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-26 64160]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-2-11 160792]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2007-11-14 4300]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-11-14 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R2 Symantec Client VPN;Symantec Client VPN;vpnservices.exe --> vpnservices.exe [?]
R3 axtvpn;Symantec Client VPN Driver;c:\windows\system32\drivers\axtvpn.sys [2008-5-15 764592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-11-14 36608]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-11-14 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-11-14 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-11-14 170408]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-11 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-11 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-11 81288]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 953168]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-11 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-11 1079176]
=============== Created Last 30 ================
2009-05-07 17:34 161,792 a------- c:\windows\SWREG.exe
2009-05-07 17:34 98,816 a------- c:\windows\sed.exe
2009-05-04 17:59 100 a--s---- c:\windows\system32\1152763595.dat
2009-04-14 18:13 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-14 18:13 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-14 18:13 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-14 18:13 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-14 18:13 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 18:13 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-14 18:13 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-14 18:13 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 18:13 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-14 18:12 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-14 18:12 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-14 18:12 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
==================== Find3M ====================
2009-04-30 22:41 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
============= FINISH: 18:48:03.14 ===============