Deckard's System Scanner v20071014.68
Run by administrator on 2008-03-25 15:37:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).

-- HijackThis (run as administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37, on 2008-03-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://DELL2800:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205963362166
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205963542947
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FLINNDENTAL.local
O17 - HKLM\Software\..\Telephony: DomainName = FLINNDENTAL.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = FLINNDENTAL.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = FLINNDENTAL.local
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10132 bytes

-- Files created between 2008-02-25 and 2008-03-25 -----------------------------

2008-03-25 12:38:36         0 d--------  C:\fsaua.data
2008-03-25 10:31:26         0 d--------  C:\Documents and Settings\administrator\.housecall6.6
2008-03-25 10:26:24         0 d--------  C:\WINNT\Sun
2008-03-25 10:26:24         0 d--------  C:\Documents and Settings\administrator\Application Data\Sun
2008-03-25 10:25:19         0 d--------  C:\Program Files\Java
2008-03-25 10:25:17         0 d--------  C:\Program Files\Common Files\Java
2008-03-25 08:36:40     68096 --a------  C:\WINNT\system32\zip.exe
2008-03-24 11:09:03         0 d--------  C:\Documents and Settings\administrator\DoctorWeb
2008-03-20 12:34:20         0 d--------  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-20 12:34:19         0 d--------  C:\WINNT\system32\Kaspersky Lab
2008-03-20 10:20:31     98816 --a------  C:\WINNT\system32\sed.exe
2008-03-20 10:20:31     80412 --a------  C:\WINNT\system32\grep.exe
2008-03-20 10:20:31     73728 --a------  C:\WINNT\system32\fdsv.exe
2008-03-20 10:01:42         0 d--------  C:\Documents and Settings\administrator\Application Data\Malwarebytes
2008-03-20 10:01:35         0 d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-20 10:01:34         0 d--------  C:\Program Files\Malwarebytes' Anti-Malware
2008-03-19 16:25:06         0 d--------  C:\Program Files\Trend Micro
2008-03-19 16:11:27         0 d--------  C:\WINNT\system32\PreInstall
2008-03-19 16:11:24         0 d--h-----  C:\WINNT\$hf_mig$
2008-03-19 15:52:50         0 d--------  C:\WINNT\system32\SoftwareDistribution
2008-03-19 14:51:53     69632 --a------  C:\WINNT\system32\asprouni.exe
2008-03-19 14:51:11         0 d--------  C:\WINNT\system32\ASPRO
2008-03-19 13:44:12         0 d--------  C:\WINNT\system32\ActiveScan
2008-03-19 11:01:30         0 d--------  C:\Documents and Settings\administrator\Application Data\Grisoft
2008-03-19 11:01:13         0 d--------  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-18 16:34:32         0 d--h-----  C:\WINNT\system32\GroupPolicy
2008-02-26 20:26:47    262144 --a------  C:\Documents and Settings\Administrator.CONSULT\NTUSER.DAT
2008-02-26 20:26:47    262144 --a------  C:\Documents and Settings\__sbs_netsetup__\NTUSER.DAT

-- Find3M Report ---------------------------------------------------------------

2008-03-25 15:33:59         0 d--------  C:\Program Files\Symantec AntiVirus
2008-03-25 10:25:17         0 d--------  C:\Program Files\Common Files
2008-03-19 15:01:19         0 d--------  C:\Program Files\Common Files\Symantec Shared
2008-03-19 15:01:13         0 d--------  C:\Program Files\Messenger
2008-03-19 15:01:10         0 d--------  C:\Program Files\SUPERAntiSpyware
2008-03-19 15:01:10         0 d--------  C:\Program Files\Linksys EasyLink Advisor
2008-03-19 14:23:06         0 d--------  C:\Program Files\PhoneTools
2008-03-18 08:33:14         0 d--------  C:\Documents and Settings\administrator\Application Data\SUPERAntiSpyware.com
2008-03-18 08:32:35         0 d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 09:47:12         0 d--h-----  C:\Documents and Settings\administrator\Application Data\GTek
2008-01-16 16:39:27     99160 --a------  C:\Documents and Settings\administrator\Application Data\GDIPFONTCACHEV1.DAT

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GWMDMMSG"="GWMDMMSG.exe" [2002-03-06 09:08 C:\WINNT\GWMDMMSG.exe]
"CapFax"="C:\Program Files\PhoneTools\CapFax.EXE" [2001-11-07 13:25]
"nwiz"="nwiz.exe" [2002-05-03 09:06 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [2005-04-01 15:16]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 13:50 C:\WINNT\system32\SK9910DM.EXE]
"Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [2004-08-03 23:56]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 15:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 14:18]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2003-12-01 10:38]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 03:50 C:\WINNT\LOGI_MWX.EXE]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-10-01 09:01]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-10-01 09:01]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51]
"P17Helper"="P17.dll" [2005-05-03 05:38 C:\WINNT\system32\P17.dll]
"UpdReg"="C:\WINNT\UpdReg.EXE" [2000-05-11 01:00]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:06]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 08:59]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 09:36]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-10-25 14:24:27]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-11-15 04:31:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

-- End of Deckard's System Scanner: finished at 2008-03-25 15:37:33 ------------