What does it reveal in terms of Malware?
Am I compromised? Can I speed up Win XP Pro by doing some housecleaning or malware removal?
Thanks in advance.
Mac Guy
---------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Larry Lowe at 11:29:50 on 2011-12-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.456 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\MyColors\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Parallels\Parallels Tools\SIA\SharedIntApp.exe
C:\Program Files\Parallels\Parallels Tools\prl_cc.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\IMFirewall\IMMonitor\webservd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe
C:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exe
C:\Program Files\IMFirewall\IMMonitor\startSys.exe
C:\Program Files\Parallels\Parallels Tools\Services\prl_tools.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\tardisnt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\DiskBoss Pro\bin\diskbsg.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyServer = proxy.landiscor.com:3128
uInternet Settings,ProxyOverride = localhost;127.0.0.1;192.168.100;intranet;thecor;*.local;<local>
BHO: Disabled:{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: Disabled:{69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - No File
BHO: Disabled:{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
BHO: Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No File
BHO: Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: Disabled:{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Companion.JS BHO: {addee521-f1cc-4b89-8c88-b2cf625b9163} - c:\program files\core services\companion.js\CompanionJS.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DebugBar: {3e1201f4-1707-409f-bb45-a5f192381da0} - c:\program files\core services\debugbar\DebugToolBar.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\textal~1\TAForIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: DebugBar: {947e34e9-1d85-43cb-9cbf-5c492118fdd5} - c:\program files\core services\debugbar\DebugInfoBar.dll
EB: Companion.JS: {c30b6fcb-f8b0-4dd4-9207-aa4952bb3f52} - c:\program files\core services\companion.js\CompanionJS.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AnVir Task Manager] "c:\program files\anvir task manager\AnVir.exe" Minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ProcessLassoManagementConsole] "c:\program files\process lasso\processlasso.exe"
mRun: [ProcessGovernor] "c:\program files\process lasso\processgovernor.exe"
mRun: [Parallels Shared Internet Applications] "c:\program files\parallels\parallels tools\sia\SharedIntApp.exe" /start
mRun: [Parallels Tools Center] "c:\program files\parallels\parallels tools\prl_cc.exe"
mRun: [USB Safely Remove] c:\program files\usb safely remove\USBSafelyRemove.exe /startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: NoAddPrinter = 1 (0x1)
uPolicies-explorer: NoDeletePrinter = 1 (0x1)
uPolicies-explorer: NoSimpleNetIDList = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0402343A-B530-482b-AA27-A61CEC3E4D2E} - {C30B6FCB-F8B0-4DD4-9207-AA4952BB3F52} - c:\program files\core services\companion.js\CompanionJS.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 1739909327
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 4874944328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www2.gotomeeting.com/default/ap ... 2mdlax.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
TCP: DhcpNameServer = 10.211.55.1
TCP: Interfaces\{19521266-8366-4B01-8189-33EF1A3B08F8} : NameServer = 64.105.156.138,64.105.132.250
TCP: Interfaces\{288F7C39-C24D-4316-9CD0-C1B9DB66981A} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{288F7C39-C24D-4316-9CD0-C1B9DB66981A} : DhcpNameServer = 10.211.55.1
TCP: Interfaces\{B0EE7E95-8A18-4F50-B6FC-4C9BA02EC572} : DhcpNameServer = 10.211.55.1
TCP: Interfaces\{B8360921-ABAA-41A4-9A6A-414005C46E79} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WB - c:\program files\stardock\mycolors\fastload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 10.211.55.2 Mil-Falc.admin
Hosts: 10.211.55.2 d6.dev
Hosts: 10.211.55.2 d7.dev
Hosts: 10.211.55.2 ldl.prod
Hosts: 10.211.55.2 ufo.prod
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\larry lowe\application data\mozilla\firefox\profiles\xdr27ebo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\larry lowe\application data\mozilla\firefox\profiles\xdr27ebo.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
============= SERVICES / DRIVERS ===============
.
R0 prl_pv32;prl_pv32;c:\windows\system32\drivers\prl_pv32.sys [2008-11-28 23880]
R0 prl_strg;Parallels paravirt disk filter;c:\windows\system32\drivers\prl_strg.sys [2011-7-26 29640]
R0 prl_tg;Parallels Tool Device;c:\windows\system32\drivers\prl_tg.sys [2008-11-28 24008]
R1 prl_boot;Parallels BootCamp Helper;c:\windows\system32\drivers\prl_boot.sys [2011-9-7 38600]
R1 prl_fs;Parallels Shared Folders;c:\windows\system32\drivers\prl_fs.sys [2008-11-22 149448]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2008-10-25 93544]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2009-11-15 136504]
R2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2009-11-15 99640]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 immonitord;immonitord;c:\program files\imfirewall\immonitor\webservd.exe [2008-2-9 447488]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2009-11-15 5760]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2008-4-15 6528]
R2 Parallels Coherence Service;Parallels Coherence Service;c:\program files\parallels\parallels tools\services\coherence.exe [2011-9-7 28488]
R2 Parallels Tools Service;Parallels Tools Service;c:\program files\parallels\parallels tools\services\prl_tools_service.exe [2011-9-7 186696]
R2 prl_memdev;Parallels Memdev Driver;c:\windows\system32\drivers\prl_memdev.sys [2011-11-18 15176]
R2 prl_time;Parallels Time Synchronization Helper;c:\windows\system32\drivers\prl_time.sys [2011-11-18 15816]
R2 Tardis;Tardis time service;c:\windows\system32\tardisnt.exe [2008-2-4 233472]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2011-8-8 257880]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-5 24652]
R3 IMNPF;IMFirewall Packet Filter;c:\windows\system32\drivers\imnpf.sys [2008-2-9 33456]
R3 InputRemapperFilter;Input Remapper Filter;c:\windows\system32\drivers\InputRemapperFilter.x86.sys [2008-2-3 22576]
R3 prl_eth5;Parallels Ethernet Adapter;c:\windows\system32\drivers\prl_eth5.sys [2008-11-28 18376]
R3 prl_mouf;Parallels Mouse Synchronization Device;c:\windows\system32\drivers\prl_mouf.sys [2008-11-28 16200]
R3 prl_sound;Parallels Audio Controller;c:\windows\system32\drivers\prl_sound.sys [2011-7-26 45896]
R3 prl_va;Parallels Video Adapter;c:\windows\system32\drivers\prl_vamp.sys [2008-11-28 25928]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-13 135664]
S3 aapltctp;Apple Trackpad Enabler;c:\windows\system32\drivers\aapltctp.sys [2008-1-30 4224]
S3 aapltp;Apple Trackpad;c:\windows\system32\drivers\aapltp.sys [2008-1-30 35072]
S3 applebt;Apple Built-in Bluetooth;c:\windows\system32\drivers\applebt.sys [2008-5-30 9088]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 BthKicker;Apple Bluetooth Device Driver;c:\windows\system32\drivers\BthKicker.sys [2008-1-30 7424]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-12-24 406016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-13 135664]
S3 HIDTranslator;HID Translator;c:\windows\system32\drivers\HIDTranslator.sys [2008-2-3 12464]
S3 InputRemapper;Input Remapper;c:\program files\input remapper\InputRemapper.x86.exe [2007-7-29 2010304]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2008-1-30 16512]
S3 iSightUpdate;iSight Update Driver;c:\windows\system32\drivers\iSightUP.sys [2008-1-30 17664]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2008-1-30 23552]
S3 USA19H;USA19H;c:\windows\system32\drivers\usa19h2k.sys [2008-2-1 704000]
S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\usa19h2kp.sys [2008-2-1 24192]
.
=============== Created Last 30 ================
.
2011-12-13 17:03:37 -------- d-----w- c:\documents and settings\larry lowe\local settings\application data\DiskBoss Pro
2011-12-13 17:03:12 -------- d-----w- c:\program files\DiskBoss Pro
2011-11-19 01:55:49 15176 ----a-w- c:\windows\system32\drivers\prl_memdev.sys
2011-11-19 01:55:28 15816 ----a-w- c:\windows\system32\drivers\prl_time.sys
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 11:30:31.79 ===============