Hijack log, Help My laptop needs to last another 3 weeks. - Geeks to Go Forums


Hijack log, Help My laptop needs to last another 3 weeks.

#1 deerpark99

  • Group: Member
  • Posts: 2
  • Joined: 10-April 08

Posted 11 April 2008 - 12:02 AM

I have about 3 weeks before I go home. My laptop needs to last me until then.
I got the Win32:EggDro-AE[Trj] according to avast, but it won't remove it. It's located in Windows\new\system32. Thanks.
AntiVir sees it as TR/Cypt.xpack.gen and also BSD/agent.yrg.14.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:36 AM, on 4/11/2008
Platform: Windows xp (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\NEW\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NEW\System32\ctfmon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\NEW\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\NEW\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\NEW\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\NEW\System32\ctfmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe

--
End of file - 3245 bytes
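
An added example, not part of the original post and not code from HijackThis or Geeks to Go: a small Python parser for the O2, O4 and O23 lines of a HijackThis log. The point it demonstrates is specific to the log above: the running-process list shows smss.exe under C:\WINDOWS\NEW, so the Windows directory on this laptop is not the default C:\WINDOWS, and any triage that expands %systemroot% (as in the KernelFaultCheck entry) to the default would look in the wrong place. The parser therefore infers the system root from the smss.exe path and resolves %systemroot% against it. The sample lines are copied from the log posted above; DEFAULT_SYSTEM_ROOT, the Entry fields and the under_system_root classification are the example's own assumptions.

```python
"""Parse HijackThis (v2.x) O2/O4/O23 lines and resolve autostart paths
against the system root the log itself reveals, not an assumed C:\\WINDOWS."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the HijackThis log posted above, trimmed to a few entries.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\NEW\System32\hkcmd.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\NEW\System32\ctfmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
"""

DEFAULT_SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: what a naive triage would use

# HijackThis line shapes (assumed from the v2.0.2 log format shown above).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<cmd>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
SMSS_RE = re.compile(r"^(?P<root>.+?)\\system32\\smss\.exe$", re.IGNORECASE)
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|dll|ocx|sys|cpl|scr))(?:\s|$)", re.IGNORECASE)


@dataclass
class Entry:
    section: str            # "O2", "O4" or "O23"
    name: str               # run-key value name, BHO name or service display name
    command: str            # command line exactly as logged
    exe: str                # executable with %systemroot% resolved
    detail: str             # hive\..\key, CLSID or service vendor
    under_system_root: bool # exe lives under the inferred Windows directory


def infer_system_root(lines: List[str]) -> Optional[str]:
    """The parent of system32\\smss.exe in the process list is the real %SystemRoot%."""
    for line in lines:
        m = SMSS_RE.match(line.strip())
        if m:
            return m.group("root")
    return None


def executable_of(cmd: str) -> str:
    """Strip arguments: honour a quoted path, else cut after a known extension,
    else take the first whitespace-delimited token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group("exe")
    return cmd.split()[0] if cmd else cmd


def expand_system_root(path: str, system_root: str) -> str:
    # lambda replacement so backslashes in system_root are not re-interpreted
    return re.sub(r"%systemroot%", lambda _m: system_root, path, flags=re.IGNORECASE)


def make_entry(section: str, name: str, cmd: str, detail: str, root: str) -> Entry:
    exe = expand_system_root(executable_of(cmd), root)
    under = exe.lower().startswith(root.lower() + "\\")
    return Entry(section, name, cmd, exe, detail, under)


def parse_hjt(text: str) -> Dict[str, object]:
    """Return the inferred system root, whether it differs from the default,
    and the parsed O2/O4/O23 entries."""
    lines = text.splitlines()
    root = infer_system_root(lines) or DEFAULT_SYSTEM_ROOT
    entries: List[Entry] = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(make_entry("O4", m["name"], m["cmd"], m["hive"] + "\\..\\" + m["key"], root))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(make_entry("O23", m["name"], m["cmd"], m["vendor"], root))
            continue
        m = O2_RE.match(line)
        if m:
            entries.append(make_entry("O2", m["name"], m["cmd"], m["clsid"], root))
    return {
        "system_root": root,
        "nonstandard_root": root.lower() != DEFAULT_SYSTEM_ROOT.lower(),
        "entries": entries,
    }


if __name__ == "__main__":
    report = parse_hjt(SAMPLE_LOG)
    print("SystemRoot:", report["system_root"], "(non-default)" if report["nonstandard_root"] else "")
    for e in report["entries"]:
        flag = "WINDIR " if e.under_system_root else "       "
        print(f"{flag}{e.section:<4}{e.name:<28}{e.exe}")
```

Run against the full posted log, every O4 entry that HijackThis shows under %systemroot% or C:\WINDOWS\NEW resolves into the same directory the poster says avast flagged, which is the directory to collect files from and to point any manual check at; a triage that expands %systemroot% to C:\WINDOWS on this machine examines a directory Windows is not even running from.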

#2 deerpark99

  • Group: Member
  • Posts: 2
  • Joined: 10-April 08

Posted 11 April 2008 - 12:36 AM

Deckard's System Scanner v20071014.68
Run by ecoli2 on 2008-04-11 02:26:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-04-11 06:27:26 UTC - RP52 - Deckard's System Scanner Restore Point
43: 2008-04-09 18:18:27 UTC - RP51 - Removed SUPERAntiSpyware Free Edition
42: 2008-04-08 19:32:42 UTC - RP50 - Removed Windows Live Messenger
41: 2008-04-08 18:05:55 UTC - RP49 - Installed Ad-Aware 2007
40: 2008-04-08 15:37:41 UTC - RP48 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-01-12 20:51:38 UTC - RP9 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 495 MiB (512 MiB recommended).
System Drive C: has 2.49 GiB (less than 15%) free.


-- HijackThis (run as ecoli2.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:53 AM, on 4/11/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\NEW\System32\smss.exe
C:\WINDOWS\NEW\system32\winlogon.exe
C:\WINDOWS\NEW\system32\services.exe
C:\WINDOWS\NEW\system32\lsass.exe
C:\WINDOWS\NEW\system32\svchost.exe
C:\WINDOWS\NEW\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\NEW\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\NEW\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\NEW\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NEW\System32\ctfmon.exe
C:\Documents and Settings\ecoli2\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ecoli2.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\NEW\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\NEW\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\NEW\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\NEW\System32\ctfmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\NEW\system32\ZoneLabs\vsmon.exe

--
End of file - 3241 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\new\system32\giveio.sys
R0 speedfan - c:\windows\new\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 ewido security suite driver - c:\program files\ewido anti-malware\guard.sys

S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 npkcrypt - c:\program files\gravity\ro\npkcrypt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Diskeeper - c:\program files\diskeeper corporation\diskeeper\dkservice.exe <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
S4 ewido security suite guard - c:\program files\ewido anti-malware\ewidoguard.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_8086&DEV_3584&SUBSYS_00011179&REV_01\3&61AAA01&0&01
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_8086&DEV_3584&SUBSYS_00011179&REV_01\3&61AAA01&0&01
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_8086&DEV_3585&SUBSYS_00011179&REV_01\3&61AAA01&0&03
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_8086&DEV_3585&SUBSYS_00011179&REV_01\3&61AAA01&0&03
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\TOS6202\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\TOS6202\2&DABA3FF&0
Service:


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-08 15:33:19 0 d-------- C:\WINDOWS\NEW\SxsCaPendDel
2008-04-08 14:30:42 0 d-------- C:\Documents and Settings\ecoli2\Application Data\Malwarebytes
2008-04-08 14:30:30 0 d-------- C:\Documents and Settings\All Users.NEW\Application Data\Malwarebytes
2008-04-08 14:30:28 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 14:05:58 0 d-------- C:\Documents and Settings\All Users.NEW\Application Data\Lavasoft
2008-04-08 11:38:10 0 d-------- C:\Documents and Settings\All Users.NEW\Application Data\SUPERAntiSpyware.com
2008-04-08 11:37:44 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-08 11:37:43 0 d-------- C:\Documents and Settings\ecoli2\Application Data\SUPERAntiSpyware.com
2008-04-08 11:37:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 09:03:05 0 d-------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Application Data\Grisoft
2008-04-07 23:25:31 0 d-------- C:\Documents and Settings\ecoli2\Application Data\Grisoft
2008-04-07 23:25:10 0 d-------- C:\Documents and Settings\All Users.NEW\Application Data\Grisoft
2008-04-07 22:55:54 0 d---s---- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Application Data\Microsoft
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Templates
2008-04-07 22:55:53 0 dr------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Start Menu
2008-04-07 22:55:53 0 dr-h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\SendTo
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Recent
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\PrintHood
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\NetHood
2008-04-07 22:55:53 0 d-------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\My Documents
2008-04-07 22:55:53 0 d--h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Local Settings
2008-04-07 22:55:53 0 d-------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Favorites
2008-04-07 22:55:53 0 d-------- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Desktop
2008-04-07 22:55:53 0 d---s---- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Cookies
2008-04-07 22:55:53 0 dr-h----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\Application Data
2008-04-07 22:55:52 786432 --ah----- C:\Documents and Settings\Administrator.WEE2-TZHM7J8PQO\NTUSER.DAT
2008-04-07 21:40:24 0 d-------- C:\!KillBox
2008-04-07 20:29:55 0 d-------- C:\Program Files\Trend Micro
2008-04-07 19:48:01 0 d-------- C:\Program Files\a-squared Free
2008-04-05 23:16:31 4456448 --a------ C:\Documents and Settings\ecoli2\ntuser.dat
2008-03-28 18:29:04 0 d-------- C:\Program Files\TD AMERITRADE
2008-03-11 23:38:30 0 d--h----- C:\WINDOWS\NEW\System32\GroupPolicy


-- Find3M Report ---------------------------------------------------------------

2008-04-11 02:05:40 0 d-------- C:\Program Files\Trillian
2008-04-10 23:06:55 0 d-------- C:\Program Files\mIRC
2008-04-08 15:33:40 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-08 15:31:24 0 d-------- C:\Program Files\MediaMonkey
2008-04-08 14:06:01 0 d-------- C:\Program Files\Lavasoft
2008-04-08 11:37:05 0 d-------- C:\Program Files\Common Files
2008-04-08 11:23:41 0 d-------- C:\Program Files\SpywareBlaster
2008-03-28 18:29:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-17 19:51:01 0 d-------- C:\Program Files\DC++
2008-03-16 01:42:48 0 d-------- C:\Documents and Settings\ecoli2\Application Data\uTorrent
2008-03-07 20:26:25 0 d-------- C:\Program Files\Audacity
2008-03-06 02:41:29 0 d-------- C:\Documents and Settings\ecoli2\Application Data\DMCache
2008-03-01 03:33:28 0 d-------- C:\Documents and Settings\ecoli2\Application Data\GlobalSCAPE
2008-03-01 03:25:52 0 d-------- C:\Documents and Settings\ecoli2\Application Data\SmartFTP
2008-02-17 04:13:16 0 d-------- C:\Program Files\CoreCodec
2008-02-11 15:42:10 0 d-------- C:\Program Files\SpeedFan
2008-01-16 13:49:51 24080 --a------ C:\Documents and Settings\ecoli2\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/19/2005 07:06 PM]
"PmProxy"="C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe" [02/28/2003 07:54 PM]
"HotKeysCmds"="C:\WINDOWS\NEW\System32\hkcmd.exe" [04/07/2003 01:07 AM]
"IgfxTray"="C:\WINDOWS\NEW\System32\igfxtray.exe" [04/07/2003 01:19 AM]
"KernelFaultCheck"="C:\WINDOWS\NEW\system32\dumprep 0 -k" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [06/07/2006 12:35 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\NEW\System32\ctfmon.exe" [08/18/2001 08:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.NEW^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\NEW\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.NEW^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.NEW\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\NEW\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\NEW\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)
"helpsvc"=2 (0x2)
"ewido security suite control"=2 (0x2)
"Diskeeper"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-04-11 02:33:32 ------------
