Deckard's System Scanner v20071014.68
Run by Kelly on 2008-07-11 10:29:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Kelly.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:06, on 7/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Documents and Settings\Kelly\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kelly.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/securedelivery/omn/PlayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/securedelivery/omn/MediaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 9100 bytes

-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 10:24:46 0 d-------- C:\Documents and Settings\Kelly\Application Data\abelhadigital.com
2008-07-11 10:24:46 0 d-------- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
2008-07-11 10:21:50 6735236 --a------ C:\backup.reg
2008-07-09 19:58:38 135168 --a------ C:\zip.exe
2008-07-09 19:58:38 19286 --a------ C:\cleanup.exe
2008-07-09 19:58:38 574 --a------ C:\cleanup.bat
2008-07-09 18:45:48 0 d-------- C:\Documents and Settings\Kelly\Application Data\OnlineArmor
2008-07-09 18:45:48 0 d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-07-09 18:45:34 28872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-07-09 18:45:34 25600 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-07-09 18:45:34 75776 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-07-09 18:45:34 0 d-------- C:\Program Files\Tall Emu
2008-07-05 11:07:34 449462 --a------ C:\HaxFix.exe
2008-07-04 14:02:01 0 d-------- C:\Program Files\HostsMan
2008-07-03 22:34:18 0 d-------- C:\Program Files\HD Tune
2008-07-01 01:15:01 0 d-------- C:\WINDOWS\Prefetch
2008-07-01 01:04:25 0 d-------- C:\WINDOWS\system32\scripting
2008-07-01 01:04:24 0 d-------- C:\WINDOWS\system32\en
2008-07-01 01:04:24 0 d-------- C:\WINDOWS\l2schemas
2008-07-01 01:04:23 0 d-------- C:\WINDOWS\system32\bits
2008-07-01 01:02:31 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-28 14:40:13 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-28 11:59:58 39424 --a------ C:\WINDOWS\zipinst.exe
2008-06-27 23:32:13 0 d-------- C:\Program Files\Common Files\Java
2008-06-23 17:06:15 0 d-------- C:\WINDOWS\ERUNT
2008-06-15 21:31:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-15 21:31:41 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-15 21:31:41 0 d-------- C:\Documents and Settings\Kelly\Application Data\SUPERAntiSpyware.com
2008-06-12 15:35:16 0 d-------- C:\Program Files\iPod
2008-06-12 15:35:06 0 d-------- C:\Program Files\iTunes
2008-06-12 15:34:02 0 d-------- C:\Program Files\QuickTime
2008-06-12 15:32:24 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-12 15:29:32 0 d-------- C:\Program Files\Apple Software Update
2008-06-12 15:29:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple

-- Find3M Report ---------------------------------------------------------------

2008-07-11 10:22:55 0 d-------- C:\Program Files\Common Files
2008-07-09 21:00:44 0 d-------- C:\Program Files\HP
2008-07-09 20:52:11 0 d-------- C:\Program Files\kontiki
2008-07-09 16:03:50 0 d-------- C:\Program Files\SpywareGuard
2008-07-09 14:19:25 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-08 10:05:32 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-07-08 10:05:32 16267 --a------ C:\WINDOWS\mozver.dat
2008-07-08 10:05:22 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-07-06 15:25:43 0 d-------- C:\Program Files\SpywareBlaster
2008-07-04 10:59:44 0 d-------- C:\Program Files\SpeedFan
2008-07-01 01:04:47 0 d-------- C:\Program Files\Messenger
2008-07-01 01:04:23 0 d-------- C:\Program Files\Movie Maker
2008-07-01 01:02:15 0 d-------- C:\Program Files\Windows NT
2008-06-29 18:15:35 0 d-------- C:\Program Files\Napster
2008-06-29 10:55:37 0 d-------- C:\Program Files\MSECache
2008-06-28 17:03:27 0 d-------- C:\Program Files\Yahoo!
2008-06-28 17:03:24 0 d-------- C:\Program Files\SureThing
2008-06-28 17:03:01 0 d-------- C:\Program Files\OpenTalk
2008-06-28 17:02:26 0 d-------- C:\Program Files\Logitech
2008-06-28 17:02:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-28 17:02:22 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-28 17:02:17 0 d-------- C:\Program Files\GemMaster
2008-06-28 17:02:12 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-28 17:02:11 0 d-------- C:\Program Files\Common Files\AOL
2008-06-28 17:02:04 0 d-------- C:\Program Files\CD to MP3 Freeware
2008-06-28 17:02:04 0 d-------- C:\Program Files\BitComet
2008-06-28 17:02:04 0 d-------- C:\Program Files\Audible
2008-06-28 16:49:53 0 d-------- C:\Program Files\Malware Immunizer
2008-06-28 15:06:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 14:33:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 14:24:33 0 d-------- C:\Program Files\DrWeb
2008-06-28 12:09:39 0 d-------- C:\Program Files\WinUpdatesList
2008-06-28 00:19:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-27 23:32:55 0 d-------- C:\Program Files\Java
2008-06-24 18:57:59 0 d-------- C:\Program Files\Shockwave.com
2008-06-16 14:02:00 0 d-------- C:\Documents and Settings\Kelly\Application Data\OpenOffice.org2
2008-06-12 15:36:36 0 d-------- C:\Documents and Settings\Kelly\Application Data\Apple Computer
2008-06-08 16:20:06 0 d-------- C:\Documents and Settings\Kelly\Application Data\Adobe
2008-06-06 08:57:39 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-05 23:49:04 222 ---h----- C:\bde
2008-06-05 23:32:44 0 d-------- C:\Documents and Settings\Kelly\Application Data\Malwarebytes
2008-06-04 19:37:15 0 d-------- C:\Program Files\Trend Micro
2008-06-04 19:25:50 0 d-------- C:\Program Files\7-Zip
2008-05-28 23:22:30 0 d-------- C:\Documents and Settings\Kelly\Application Data\AdobeUM
2008-05-28 14:39:11 0 d-------- C:\Program Files\MTV Virtual World
2008-05-23 00:43:40 0 d-------- C:\Documents and Settings\Kelly\Application Data\PlayFirst
2008-05-21 09:38:13 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-21 09:38:13 0 d-------- C:\Program Files\Common Files\Napster Shared

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

-- End of Deckard's System Scanner: finished at 2008-07-11 10:31:59 ------------