Deckard's System Scanner v20071014.68
Run by MONIEC on 2008-08-11 07:40:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 6.65 GiB (less than 15%) free.
-- HijackThis (run as MONIEC.exe) ----------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-11 07:40:06
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MONIEC\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Cox High Speed Internet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O15 - Trusted Zone: https://www.bodoglife.com (HKCU)
O15 - Trusted Zone: https://cgi5.ebay.com (HKCU)
O15 - Trusted Zone: https://superbrokers42.com (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.micr...heckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152469941828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics....com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/...PA.cab40641.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/...on.cab40641.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
--
End of file - 6786 bytes
-- Files created between 2008-07-11 and 2008-08-11 -----------------------------
2008-08-09 13:05:38 0 d-------- C:\327882R2FWJFW
2008-08-09 12:27:08 1238 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-09 09:30:33 0 d-------- C:\Program Files\Trend Micro
2008-08-08 13:11:35 0 d-------- C:\Program Files\Smart Virus Remover
2008-08-08 13:09:13 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-08 13:02:05 0 d-------- C:\VundoFix Backups
2008-08-08 12:50:03 0 d-------- C:\HJT
2008-08-08 10:48:21 0 d-------- C:\bintheredunthat
2008-08-08 10:43:55 0 d-------- C:\BFU
2008-08-06 18:50:04 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Malwarebytes
2008-08-06 18:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 08:33:11 0 d-------- C:\Documents and Settings\MONIEC\Application Data\TmpRecentIcons
2008-08-01 20:24:32 0 d-------- C:\Program Files\iPod
2008-07-30 21:25:19 0 d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-07-26 07:13:14 0 d--h----- C:\WINDOWS\PIF
2008-07-25 23:53:35 0 d-------- C:\Program Files\WinSCP
2008-07-25 21:19:23 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Uniblue
2008-07-25 18:39:27 0 d-------- C:\Utilities
2008-07-24 23:02:25 0 d-------- C:\Program Files\Bonjour
2008-07-24 22:53:17 0 d-------- C:\Program Files\Safari
2008-07-24 21:37:23 169984 --a------ C:\Documents and Settings\MONIEC\ZiPhoneGUI.exe <Not Verified; ; ZiPhoneGUI>
2008-07-24 21:37:23 301568 --a------ C:\Documents and Settings\MONIEC\ziphone.exe <Not Verified; ZiPhone http://www.ziphone.org; ZiPhone>
2008-07-24 21:37:23 0 d-------- C:\Documents and Settings\MONIEC\no
2008-07-24 21:37:23 6166462 --a------ C:\Documents and Settings\MONIEC\Inga.dat
2008-07-24 21:37:23 3356266 --a------ C:\Documents and Settings\MONIEC\igor.dat
2008-07-24 21:37:23 15 --a------ C:\Documents and Settings\MONIEC\I WANT THE Z ICON BACK.bat
2008-07-24 21:37:23 15 --a------ C:\Documents and Settings\MONIEC\ENTER DFU MODE.bat
2008-07-24 21:37:23 0 d-------- C:\Documents and Settings\MONIEC\docs
2008-07-24 21:37:23 9354 --a------ C:\Documents and Settings\MONIEC\dfu.dat
2008-07-24 21:37:23 17 --a------ C:\Documents and Settings\MONIEC\ACTIVATE JAILBREAK IPHONE.bat
2008-07-24 21:37:21 33550336 --a------ C:\Documents and Settings\MONIEC\zibri.dat
2008-07-24 21:37:21 17 --a------ C:\Documents and Settings\MONIEC\UNLOCK ACTIVATE JAILBREAK IPHONE.bat
2008-07-24 21:37:21 311296 --a------ C:\Documents and Settings\MONIEC\QTMLClient.dll <Not Verified; Apple Inc.; QuickTime>
2008-07-24 21:37:21 17 --a------ C:\Documents and Settings\MONIEC\JAILBREAK IPHONE IPOD.bat
2008-07-24 21:37:21 1085440 --a------ C:\Documents and Settings\MONIEC\iTunesMobileDevice.dll <Not Verified; Apple Inc.; iTunesMobileDevice>
-- Find3M Report ---------------------------------------------------------------
2008-08-09 22:59:16 0 d-------- C:\Program Files\Bodog Poker
2008-08-09 13:18:45 0 d-------- C:\Program Files\Orb Networks
2008-08-09 08:53:19 0 d-------- C:\Program Files\PCPitstop
2008-08-08 07:41:11 0 d-------- C:\Program Files\Apple Software Update
2008-08-01 20:26:34 0 d-------- C:\Program Files\iTunes
2008-07-28 07:24:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-28 07:23:06 0 d-------- C:\Documents and Settings\MONIEC\Application Data\AdobeUM
2008-07-26 22:48:39 0 d-------- C:\Program Files\winpwn
2008-07-26 07:13:02 0 d-------- C:\Program Files\PartyGaming.Net
2008-07-25 19:35:19 0 d-------- C:\Program Files\Spyware Doctor
2008-07-25 18:53:45 0 d-------- C:\Program Files\iLiberty
2008-07-24 23:02:01 0 d-------- C:\Program Files\QuickTime
2008-06-26 16:46:15 0 d-------- C:\Documents and Settings\MONIEC\Application Data\Adobe
2008-05-12 18:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 18:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 18:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 18:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 18:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 18:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 18:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 17:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [05/25/2005 12:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 17:12]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CorrectConnect.lnk - C:\Program Files\CConnect\CConnect.exe [7/3/2006 10:03:42 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 22:34 24576 C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TPSrv"=2 (0x2)
"PNMSRV"=2 (0x2)
"pmshellsrv"=2 (0x2)
"PAVSRV"=2 (0x2)
"PavPrSrv"=2 (0x2)
"PAVFNSVR"=2 (0x2)
"iPod Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
-- End of Deckard's System Scanner: finished at 2008-08-11 07:40:44 ------------