Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-16 19:03:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 495 MiB (512 MiB recommended).

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hpbpro.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\New Folder\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [tomcatstartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [statusclient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE
O4 - HKLM\..\Run: [phime2002async] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [phime2002a] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [mspy2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [imjpmig8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hphupd06] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [hphmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [hpdj taskbar utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [hp component manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ccapp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [international] International*
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.27 85.255.112.202
O17 - HKLM\System\CS3\Services\Tcpip\..\{1EA17F39-9B6E-4F61-8D99-939726164331}: NameServer = 85.255.115.27,85.255.112.202
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
O23 - Service: Apple Mobile Device (apple mobile device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CaEvtSvc (caevtsvc) - Unknown owner - C:\WINDOWS\System32\CaEvtSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service (ipodservice) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Performance Logs and Alerts SysmonLog AntiVirus (sysmonlog antivirus) - Unknown owner - C:\WINDOWS\system32\adsnwu.exe (file missing)
O23 - Service: WebClient WebClientLmHosts (webclientlmhosts) - Unknown owner - C:\WINDOWS\system32\fasd522.exe (file missing)

--
End of file - 7692 bytes

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 15:30:41 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-15 15:05:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2008-06-15 15:04:59 0 d-------- C:\Program Files\Viewpoint
2008-06-15 15:04:57 0 d-------- C:\Program Files\AOD
2008-06-15 15:04:46 0 d-------- C:\Program Files\AIM
2008-06-13 18:22:09 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-13 18:22:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2008-06-11 21:43:28 68096 --a------ C:\WINDOWS\zip.exe
2008-06-11 21:43:28 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-11 21:43:28 212480 --a------ C:\WINDOWS\swxcacls.exe
2008-06-11 21:43:28 136704 --a------ C:\WINDOWS\swsc.exe
2008-06-11 21:43:28 161792 --a------ C:\WINDOWS\swreg.exe
2008-06-11 21:43:28 98816 --a------ C:\WINDOWS\sed.exe
2008-06-11 21:43:28 80412 --a------ C:\WINDOWS\grep.exe
2008-06-11 21:43:28 89504 --a------ C:\WINDOWS\fdsv.exe
2008-06-07 10:25:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-07 10:25:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-07 10:01:30 76639952 --a------ C:\registrybackup.reg
2008-06-05 14:58:53 129536 --a------ C:\WINDOWS\system32\drivers\Soy52.sys
2008-06-01 16:00:25 129536 --a------ C:\WINDOWS\system32\drivers\Xtdr48.sys
2008-05-31 00:26:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-05-30 15:45:15 129536 --a------ C:\WINDOWS\system32\drivers\Wxdm48.sys
2008-05-29 06:25:51 129536 --a------ C:\WINDOWS\system32\drivers\Vfvt56.sys
2008-05-27 22:23:32 967 --a------ C:\WINDOWS\ScUnin.pif
2008-05-27 22:23:32 35382 --a------ C:\WINDOWS\scunin.dat
2008-05-27 22:23:31 94208 --a------ C:\WINDOWS\ScUnin.exe
2008-05-27 22:20:48 129536 --a------ C:\WINDOWS\system32\drivers\Ybsb28.sys
2008-05-27 14:55:14 129536 --a------ C:\WINDOWS\system32\drivers\Wwy56.sys
2008-05-26 06:52:37 129536 --a------ C:\WINDOWS\system32\drivers\Tjig36.sys
2008-05-25 21:15:46 129536 --a------ C:\WINDOWS\system32\drivers\Qgxd48.sys
2008-05-25 20:14:36 0 d-------- C:\Program Files\Trend Micro
2008-05-25 17:44:01 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-24 21:36:24 5824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-24 08:07:44 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-24 08:06:08 0 d-------- C:\Program Files\Spyware Doctor
2008-05-24 08:06:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-05-17 18:50:06 0 d-------- C:\Program Files\iTunes
2008-05-17 18:00:27 0 d-------- C:\Program Files\Apple Software Update
2008-05-17 17:58:49 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-17 17:51:41 0 d-------- C:\Program Files\Common Files\Apple
2008-05-17 17:51:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple

-- Find3M Report ---------------------------------------------------------------

2008-06-15 23:54:09 0 d-------- C:\Program Files\Starcraft
2008-06-13 18:38:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 13:58:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-06-08 21:16:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-06-07 13:01:37 0 d-------- C:\Program Files\Alwil Software
2008-06-07 11:22:49 0 d-------- C:\Program Files\Symantec
2008-05-25 10:07:56 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-25 10:03:48 0 d-------- C:\Program Files\Advanced Spyware Remover
2008-05-24 21:40:21 229376 --a------ C:\WINDOWS\IsUninst.exe
2008-05-17 18:48:07 0 d-------- C:\Program Files\iPod
2008-05-17 18:17:21 0 d-------- C:\Program Files\QuickTime
2008-05-17 17:51:41 0 d-------- C:\Program Files\Common Files
2008-05-16 11:04:18 2024 --a------ C:\WINDOWS\mozver.dat
2008-05-16 10:53:48 0 d-------- C:\Program Files\WINForms Desktop
2008-05-11 00:09:47 3499695 --ahs---- C:\WINDOWS\system32\a3det.sys
2008-05-10 12:37:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 06:31:00 563 --a-s---- C:\WINDOWS\system32\3127182004.dat
2008-05-06 17:50:21 0 d-------- C:\Program Files\Error Expert
2008-04-29 16:53:57 450 --a------ C:\WINDOWS\system32\mng86.bin
2008-04-27 19:23:47 7 --a------ C:\WINDOWS\system32\ngxt.bin
2008-04-27 19:02:09 0 d-------- C:\Program Files\Yahoo!
2008-04-27 19:01:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-04-23 17:45:25 2 --a------ C:\-1527683725
2008-04-23 17:45:07 577024 --a------ C:\WINDOWS\system32\user32.dll
2008-04-22 19:08:11 24576 --a------ C:\WINDOWS\system32\userinit.exe
2008-04-22 19:08:03 160256 --a------ C:\WINDOWS\system32\blackster.scr
2008-04-22 03:06:42 98304 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-21 15:06:21 48585 --a------ C:\WINDOWS\system32\activedsi.sys
2008-04-21 15:06:18 23040 --ahs---- C:\WINDOWS\system32\adsmsexti.dll
2008-04-20 16:08:55 0 d-------- C:\Program Files\FBrowserAdvisor

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tomcatstartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [05/20/2004 09:40]
"sunjavaupdatesched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [05/02/2007 05:15]
"statusclient 2.6"="C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [02/27/2004 10:29]
"soundman"="SOUNDMAN.EXE" [02/26/2004 16:53 C:\WINDOWS\SOUNDMAN.EXE]
"phime2002async"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 21:39]
"phime2002a"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 21:39]
"mspy2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/28/2002 21:39]
"imjpmig8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 22:31]
"hphupd06"="C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [06/06/2004 21:53]
"hphmon06"="C:\WINDOWS\system32\hphmon06.exe" [06/06/2004 21:42]
"hpdj taskbar utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [04/06/2004 03:28]
"hp component manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [05/12/2004 16:18]
"ccapp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 15:52]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/24/2005 16:16]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 16:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 17:45]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 15:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe [5/28/2004 11:31:38 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqthb08.exe [5/29/2004 12:06:36 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

-- End of Deckard's System Scanner: finished at 2008-06-16 19:05:10 ------------