Deckard's System Scanner v20071014.68
Run by Jason Love on 2008-03-13 23:11:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).

-- HijackThis (run as Jason Love.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:20 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Utilities\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JASONL~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.britannica.com/cgi-bin/britannica?SID=382K00033456
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} - http://www.alwaysupdatednews.com/install/aun_0032.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SleepApp - {C315CF32-135F-3112-31AC-F611D777C63D} - C:\WINDOWS\system32\sleep32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5957 bytes

-- Files created between 2008-02-13 and 2008-03-13 -----------------------------

2008-03-12 22:44:03 2208 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-12 22:42:35 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-12 22:42:35 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-12 22:42:35 86528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-12 22:42:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-12 22:42:35 53248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-12 22:42:35 82432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-12 22:42:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-11 00:12:41 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-11 00:12:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-11 00:12:29 0 d-------- C:\Documents and Settings\Jason Love\Application Data\SUPERAntiSpyware.com
2008-03-10 21:41:04 0 d-------- C:\Documents and Settings\Jason Love\Application Data\Google
2008-03-10 21:17:24 0 d-------- C:\Documents and Settings\Jason Love\Application Data\Grisoft
2008-03-09 23:48:22 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-09 23:48:22 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-09 23:48:22 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-09 23:48:22 73728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-03-09 21:52:58 0 d-------- C:\Program Files\Trend Micro
2008-03-09 15:37:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:20:21 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-09 14:58:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-03-09 14:58:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-03-09 14:58:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-03-09 11:03:06 0 d--hs---- C:\WINDOWS\system32\wsnpoem
2008-03-09 10:43:02 0 d-------- C:\Program Files\Windows Defender
2008-03-09 10:39:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-09 08:59:45 0 d-------- C:\Program Files\Lavasoft
2008-03-09 08:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 08:54:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 08:50:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-09 08:30:32 0 d-------- C:\Program Files\Utilities
2008-03-05 23:41:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 23:37:56 0 d-------- C:\Program Files\AVG
2008-03-05 23:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-05 23:12:40 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-05 23:07:11 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-05 22:50:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-03-05 22:49:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-05 22:49:42 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-05 22:49:41 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-05 22:49:41 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-05 22:49:41 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-05 22:49:41 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-05 22:49:41 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-05 22:49:41 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-05 22:49:41 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-05 22:49:41 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-03-05 22:49:41 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-05 22:49:41 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-03-05 22:49:41 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-05 22:49:41 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-05 22:49:41 0 dr-h----- C:\Documents and Settings\Administrator\Application Data

-- Find3M Report ---------------------------------------------------------------

2008-03-09 23:53:07 0 d-------- C:\Program Files\Common Files
2008-03-05 23:23:55 0 d-------- C:\Program Files\Google
2008-03-05 23:14:25 0 d-------- C:\Program Files\Common Files\Adobe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [08/03/2001 09:24 PM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [07/03/2001 10:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/19/2005 11:17 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/06/2004 04:33 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/05/2008 11:14 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SleepApp"= {C315CF32-135F-3112-31AC-F611D777C63D} - C:\WINDOWS\system32\sleep32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-03-13 23:12:17 ------------