Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-27 20:07:13
Computer is in Safe Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:30 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: Earthlink.lnk = ? (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1193626600328
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.33.7/ttinst.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

-- End of file - 7017 bytes

-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-27 14:06:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-27 14:06:05 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 14:06:01 0 d-------- C:\WINDOWS\LastGood
2008-05-24 21:47:08 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-05-24 21:47:08 0 d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-05-23 08:17:56 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
2008-05-21 16:53:25 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-21 16:53:01 0 d-------- C:\Program Files\SiteAdvisor
2008-05-21 16:53:01 0 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2008-05-21 16:53:01 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-21 16:46:20 0 d-------- C:\Program Files\McAfee.com
2008-05-21 16:45:59 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-21 16:45:38 0 d-------- C:\Program Files\McAfee
2008-05-20 13:35:05 0 d-------- C:\Program Files\WinAVI MP4 Converter
2008-05-20 13:17:36 9502720 --a------ C:\Documents and Settings\Owner\ntuser.dat
2008-05-20 04:51:42 0 d-------- C:\Program Files\Alwil Software
2008-05-20 03:28:50 0 d-------- C:\NoLopBackups
2008-05-20 02:11:39 0 d-------- C:\WINDOWS\ERUNT
2008-05-19 17:11:57 0 d-------- C:\Program Files\Panda Security
2008-05-19 16:44:04 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 16:43:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 16:43:42 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-05-15 09:43:24 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-05-15 09:43:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 09:43:16 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 09:42:56 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-10 13:00:22 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-09 16:08:42 262144 --a------ C:\Documents and Settings\Application Data\NTUSER.DAT
2008-05-03 18:45:04 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-30 19:53:29 0 d-------- C:\Program Files\Reference Assemblies

-- Find3M Report ---------------------------------------------------------------

2008-05-25 17:57:41 0 d-a------ C:\Program Files\Common Files
2008-05-23 02:24:11 0 d-------- C:\Program Files\Google
2008-05-20 23:52:18 0 d-------- C:\Program Files\Java
2008-05-20 23:48:54 0 d-------- C:\Program Files\Common Files\Java
2008-05-20 14:33:04 0 d-------- C:\Program Files\NextUp-Acapela
2008-05-20 13:35:07 0 d-------- C:\Program Files\ExtractNow
2008-05-20 12:20:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 12:19:14 0 d-------- C:\Program Files\AFT software
2008-05-20 08:48:00 0 d-------- C:\Program Files\DigiMode
2008-05-19 17:11:59 8239 --a----c- C:\WINDOWS\mozver.dat
2008-05-18 19:10:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-05-10 12:59:58 0 d-------- C:\Program Files\Common Files\Real
2008-05-02 14:52:22 0 d-------- C:\Program Files\Windows Defender
2008-04-30 19:54:44 0 d-------- C:\Program Files\MSBuild
2008-04-26 13:05:11 0 d-------- C:\Program Files\Big Mutha Truckers
2008-04-24 22:32:30 0 d-------- C:\Program Files\Apple Software Update
2008-04-19 10:02:41 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-04-08 23:06:45 0 d-------- C:\Program Files\DivX
2008-04-03 22:38:41 0 d-------- C:\Program Files\iTunes
2008-04-03 22:35:21 0 d-------- C:\Program Files\QuickTime
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-27 19:50:08 0 d-------- C:\Program Files\iPod
2008-03-27 19:47:00 0 d-------- C:\Program Files\HP
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe" [07/14/2003 11:52 AM C:\WINDOWS\ltmsg.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 04:44 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 08:00 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/24/2007 05:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 09:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^hc_tray.lnk]
backup=C:\WINDOWS\pss\hc_tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NTSpool ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

-- End of Deckard's System Scanner: finished at 2008-05-27 20:08:11 ------------