Deckard's System Scanner v20071014.68
Run by Todd on 2008-02-24 21:46:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
17: 2008-02-25 02:46:03 UTC - RP185 - Deckard's System Scanner Restore Point
16: 2008-02-24 19:38:57 UTC - RP184 - Installed Ad-Aware 2007
15: 2008-02-23 21:04:33 UTC - RP183 - System Checkpoint
14: 2008-02-22 20:12:29 UTC - RP182 - System Checkpoint
13: 2008-02-21 19:12:30 UTC - RP181 - System Checkpoint

-- First Restore Point --
1: 2008-02-10 17:12:04 UTC - RP169 - Removed Ad-Aware 2007

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Todd.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:13 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Documents and Settings\Todd\Desktop\dss.exe
F:\DOCUME~1\Todd\Desktop\Todd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F46D7EAA-901F-453B-9435-24A963B0FCEB} - F:\WINDOWS\System32\mljjh.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199563039476
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ljjhhig - F:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7412 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - f:\windows\system32\drivers\scdemu.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForceWare Intelligent Application Manager (IAM) - f:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe
R2 ForcewareWebInterface (Forceware Web Interface) - "f:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice
R3 FLEXnet Licensing Service - "f:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Camera
Device ID: USB\VID_046D&PID_08F0\5&101D9493&0&3
Manufacturer:
Name: Camera
PNP Device ID: USB\VID_046D&PID_08F0\5&101D9493&0&3
Service:

-- Files created between 2008-01-24 and 2008-02-24 -----------------------------

2008-02-24 18:34:23 0 d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 14:38:45 0 d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-02-10 12:11:32 0 d-------- F:\WINDOWS\system32\NtmsData
2008-02-06 19:14:05 0 d-------- F:\Program Files\Windows Live Toolbar
2008-02-06 19:13:30 0 d-------- F:\Documents and Settings\Todd\Contacts
2008-02-06 19:13:15 0 d------c- F:\WINDOWS\system32\DRVSTORE
2008-02-06 19:08:54 0 d--hs--c- F:\Program Files\Common Files\WindowsLiveInstaller
2008-02-06 19:08:44 0 d-------- F:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-06 09:17:42 0 d-------- F:\Program Files\MSECache

-- Find3M Report ---------------------------------------------------------------

2008-02-24 14:38:45 0 d-------- F:\Program Files\Common Files
2008-02-23 12:48:00 0 d-------- F:\Program Files\Common Files\Adobe
2008-02-23 12:40:56 0 d-------- F:\Documents and Settings\Todd\Application Data\uTorrent
2008-02-09 14:41:41 0 d-------- F:\Documents and Settings\Todd\Application Data\??crosoft.NET
2008-02-09 12:08:13 250767 --ahs---- F:\WINDOWS\system32\hjjlm.ini2
2008-01-31 10:24:53 0 d-------- F:\Program Files\Common Files\??sks
2008-01-18 09:19:49 0 d-------- F:\Documents and Settings\Todd\Application Data\Sun
2008-01-17 22:14:23 1279 --a------ F:\WINDOWS\mozver.dat
2008-01-17 22:06:10 0 d-------- F:\Program Files\Java
2008-01-17 21:58:55 0 d-------- F:\Program Files\Common Files\Java
2008-01-08 07:17:45 0 d-------- F:\Documents and Settings\Todd\Application Data\Help
2008-01-07 07:26:02 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-01-07 07:26:02 0 d-------- F:\Program Files\Infinite Mind LC
2008-01-07 07:25:00 0 d-------- F:\Program Files\Common Files\InstallShield
2008-01-07 07:18:38 0 d-------- F:\Documents and Settings\Todd\Application Data\Adobe
2008-01-07 07:17:35 0 d-------- F:\Program Files\Common Files\Macrovision Shared
2008-01-06 16:37:03 0 d-------- F:\Program Files\Lavasoft
2008-01-06 15:44:02 0 d-------- F:\Program Files\Microsoft Works
2008-01-06 15:43:52 0 d-------- F:\Program Files\MSBuild
2008-01-06 13:55:12 0 d-------- F:\Documents and Settings\Todd\Application Data\Winamp
2008-01-06 01:32:30 0 d-------- F:\Program Files\Temporary
2008-01-06 01:32:19 0 d-------- F:\Program Files\PowerISO
2008-01-05 15:56:22 352256 --a------ F:\WINDOWS\system32\JMRaidTool .exe
2008-01-05 15:56:22 0 d-------- F:\Program Files\Messenger
2008-01-05 15:51:45 0 d-------- F:\Program Files\Kaspersky Lab
2008-01-05 15:45:04 0 d-------- F:\Documents and Settings\Todd\Application Data\WinRAR
2008-01-05 15:30:53 0 d-------- F:\Program Files\Movie Maker
2008-01-05 15:30:06 0 d-------- F:\Program Files\Windows NT
2008-01-05 15:16:17 0 d-------- F:\Program Files\Winamp
2008-01-05 15:13:12 0 d-------- F:\Documents and Settings\Todd\Application Data\Macromedia
2008-01-05 15:12:13 0 d-------- F:\Program Files\uTorrent
2008-01-05 15:08:39 0 d-------- F:\Program Files\Online Services
2008-01-05 15:00:41 0 --a------ F:\WINDOWS\nsreg.dat
2008-01-05 15:00:39 0 d-------- F:\Documents and Settings\Todd\Application Data\Mozilla
2008-01-05 14:57:43 0 d--h----- F:\Program Files\WindowsUpdate
2008-01-05 14:39:49 0 d-------- F:\Program Files\Analog Devices
2008-01-05 14:38:13 22 --a------ F:\WINDOWS\FileName
2008-01-05 14:38:08 0 d-------- F:\Program Files\NVIDIA Corporation
2008-01-05 14:31:00 0 d-------- F:\Documents and Settings\Todd\Application Data\Identities
2008-01-05 14:27:34 0 d-------- F:\Program Files\microsoft frontpage
2008-01-05 14:25:48 0 d-------- F:\Program Files\Common Files\MSSoap
2008-01-05 14:25:29 21640 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-01-05 14:24:45 0 d-------- F:\Program Files\MSN Gaming Zone
2008-01-05 09:16:02 0 d-------- F:\Program Files\Common Files\ODBC
2008-01-05 09:16:00 0 d-------- F:\Program Files\Common Files\SpeechEngines
2008-01-05 09:15:42 62 --ahs---- F:\Documents and Settings\Todd\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F46D7EAA-901F-453B-9435-24A963B0FCEB}]
F:\WINDOWS\System32\mljjh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="F:\WINDOWS\System32\NvCpl.dll" [04/17/2007 03:48 PM]
"nwiz"="nwiz.exe" [04/17/2007 03:48 PM F:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="F:\WINDOWS\System32\NvMcTray.dll" [04/17/2007 03:48 PM]
"AVP"="F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [12/18/2007 12:43 AM]
"@"="" []
"Acrobat Assistant 8.0"="F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhhig]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 F:\WINDOWS\System32\mljjh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\autorun.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7966 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-02-24 21:51:20 ------------