Deckard's System Scanner v20071014.68
Run by libc1 on 2008-05-20 09:46:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as libc1.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:31 AM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\libc1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\libc1.exe
C:\WINDOWS\system32\HPZinw12.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O1 - Hosts: hp973f8e HP0018FE973F8E
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dbar_starter] C:\Documents and Settings\libc1\Application Data\Deskbar_{380C73FA-F65D-49d1-95D5-C938579255FE}\starter.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1191525831828
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ahsstud.ahs.mcnairy.org
O17 - HKLM\Software\..\Telephony: DomainName = ahsstud.ahs.mcnairy.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ahsstud.ahs.mcnairy.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ahsstud.ahs.mcnairy.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9127 bytes
-- Files created between 2008-04-20 and 2008-05-20 -----------------------------
2008-05-19 22:32:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-19 22:32:55 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-19 21:28:01 0 d-------- C:\Program Files\Panda Security
2008-05-19 17:58:00 0 d-------- C:\Documents and Settings\libc1\Application Data\Malwarebytes
2008-05-19 17:57:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-19 17:57:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-19 17:57:10 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-19 06:41:42 0 d-------- C:\Documents and Settings\libc1\DoctorWeb
2008-05-19 06:39:48 0 d-------- C:\Program Files\Trend Micro
2008-05-19 06:12:23 0 d-------- C:\Documents and Settings\libc1\Application Data\Symantec
2008-05-19 02:16:12 0 d-------- C:\Program Files\Norton 360
2008-05-19 02:13:18 0 d-------- C:\Program Files\Symantec
2008-05-19 02:13:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-19 02:13:03 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-18 21:21:52 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-18 20:18:06 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 20:17:55 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-18 20:17:55 0 d-------- C:\Documents and Settings\libc1\Application Data\SUPERAntiSpyware.com
2008-05-18 20:17:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 19:47:22 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-18 19:07:26 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-18 18:56:21 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 18:55:25 0 d-------- C:\Program Files\SpywareBlaster
2008-05-18 18:32:50 25558 --ahs---- C:\WINDOWS\system32\CfggNXyb.ini2
2008-05-18 18:31:33 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-05-18 18:30:24 0 d-------- C:\WINDOWS\Sun
2008-05-18 18:30:24 0 d-------- C:\Documents and Settings\libc1\Application Data\Sun
2008-05-18 18:28:05 0 d--hs---- C:\WINDOWS\QUhT
2008-05-18 18:27:52 0 d-------- C:\WINDOWS\system32\polX
2008-05-18 18:27:52 0 d-------- C:\WINDOWS\system32\GUI2
2008-05-18 18:27:52 0 d-------- C:\WINDOWS\system32\binR
2008-05-18 18:27:52 0 d-------- C:\WINDOWS\system32\3036a
2008-05-18 18:27:46 0 d-------- C:\WINDOWS\system32\logXv18
2008-05-18 18:25:08 0 d-------- C:\Program Files\SurfingProgram
2008-05-18 18:21:25 0 d-------- C:\Documents and Settings\libc1\Application Data\LimeWire
2008-05-18 18:15:47 0 d-------- C:\Program Files\LimeWire
2008-05-10 08:28:59 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-09 13:36:13 2550 --a------ C:\WINDOWS\mozver.dat
2008-05-01 08:36:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Amazon
2008-05-01 08:36:27 0 d-------- C:\Program Files\Amazon
2008-05-01 08:35:20 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-01 08:30:04 0 d-------- C:\WINDOWS\Downloaded Installations
-- Find3M Report ---------------------------------------------------------------
2008-05-20 09:25:48 2812 --a------ C:\Documents and Settings\libc1\Application Data\evpro32.prf
2008-05-19 17:57:10 0 d-------- C:\Program Files\Common Files
2008-05-01 08:37:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-25 15:33:15 0 d-------- C:\Documents and Settings\libc1\Application Data\U3
2008-04-09 14:54:24 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-09 14:54:22 0 d--h----- C:\Program Files\Zenographics
2008-04-04 21:57:55 0 d-------- C:\Documents and Settings\libc1\Application Data\Adobe
2008-04-04 20:57:02 0 d-------- C:\Documents and Settings\libc1\Application Data\Real
2008-04-04 20:51:51 0 d-------- C:\Program Files\Common Files\xing shared
2008-04-04 20:51:49 0 d-------- C:\Program Files\Common Files\Real
2008-04-04 20:51:42 0 d-------- C:\Program Files\Real
2008-04-04 20:43:00 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-04 20:42:58 0 d-------- C:\Documents and Settings\libc1\Application Data\Mozilla
2008-04-04 08:27:21 94123 --a------ C:\WINDOWS\hppins05.dat
2008-04-04 08:24:42 0 d-------- C:\Program Files\HP
2008-04-04 08:16:30 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-03 22:50:28 61678 --a------ C:\Documents and Settings\libc1\Application Data\PFP100JPR.{PB
2008-03-03 22:50:28 12358 --a------ C:\Documents and Settings\libc1\Application Data\PFP100JCM.{PB
2008-02-26 17:57:32 117089 --a------ C:\WINDOWS\hpoins11.dat
2008-02-20 14:21:43 28672 --a------ C:\WINDOWS\system32\qttask.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [07/19/2006 09:42 AM C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [12/21/2005 03:02 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [06/13/2006 09:57 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [06/13/2006 09:57 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [06/13/2006 09:57 AM]
"RTHDCPL"="RTHDCPL.EXE" [03/14/2006 05:01 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 PM C:\WINDOWS\Alcmtr.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/29/2006 06:13 AM]
"AGRSMMSG"="AGRSMMSG.exe" [03/16/2006 05:24 PM C:\WINDOWS\AGRSMMSG.exe]
"INPROCOMMWireless"="C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM]
"hpbdfawep"="C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe" [12/23/2007 09:47 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/04/2008 08:51 PM]
"dbar_starter"="C:\Documents and Settings\libc1\Application Data\Deskbar_{380C73FA-F65D-49d1-95D5-C938579255FE}\starter.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 08:54 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [10/20/2007 8:17:26 PM]
Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [7/11/2007 5:25:20 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2/10/2006 8:56:20 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXNggfC
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb53831a-066e-11dd-a6a6-00197e72468e}]
AutoRun\command- D:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
-- End of Deckard's System Scanner: finished at 2008-05-20 09:46:55 ------------