Deckard's System Scanner v20071014.68
Run by martha on 2008-05-21 12:10:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-05-21 17:10:54 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-05-21 16:36:38 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-21 12:12:52
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\M?crosoft\mmc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\WINDOWS\system32\svchost.exe
C:\Support\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {CAA7AD12-1CFE-3803-895D-39E6728E0EE6} - C:\WINDOWS\system32\rspfrg.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tead] "C:\PROGRA~1\COMMON~1\MCROSO~1\mmc.exe" -vt yazb
O4 - HKCU\..\Run: [Uszflu] "C:\Program Files\?ymbols\r?ndll32.exe"
O4 - HKCU\..\Run: [Pvzg] C:\WINDOWS\system32\??stem\i?xplore.exe
O4 - HKCU\..\Run: [Dsa] "C:\Program Files\?icrosoft\r?ndll32.exe"
O4 - HKCU\..\Run: [Jjofme] "C:\Documents and Settings\martha\My Documents\?icrosoft.NET\?hkntfs.exe"
O4 - HKCU\..\Run: [Mzbxpr] "C:\Program Files\Common Files\T?sks\??oolsv.exe"
O4 - HKCU\..\Run: [Pdilskn] C:\WINDOWS\system32\?dobe\?poolsv.exe
O4 - HKCU\..\Run: [Jen] C:\WINDOWS\system32\F?nts\e?plorer.exe
O4 - HKCU\..\Run: [Jrkdd] C:\WINDOWS\system32\?ecurity\??xplore.exe
O4 - HKCU\..\Run: [Cgb] "C:\Program Files\??crosoft\n?tepad.exe"
O4 - HKCU\..\Run: [Cwq] "C:\Documents and Settings\martha\Application Data\?ecurity\??chost.exe"
O4 - HKCU\..\Run: [Rmq] C:\WINDOWS\?ystem32\??anregw.exe
O4 - HKCU\..\Run: [Qbk] "C:\Program Files\Common Files\?ppPatch\t?skmgr.exe"
O4 - HKCU\..\Run: [Ybqot] "C:\Program Files\F?nts\s?rvices.exe"
O4 - HKCU\..\Run: [Dpwmxau] C:\WINDOWS\system32\M?crosoft.NET\s?ool32.exe
O4 - HKCU\..\Run: [Nnox] C:\WINDOWS\?ymbols\w?nword.exe
O4 - HKCU\..\Run: [Kackzvu] "C:\Program Files\??crosoft\r?gedit.exe"
O4 - HKCU\..\Run: [Xjfbvf] C:\WINDOWS\system32\s?mbols\s?oolsv.exe
O4 - HKCU\..\Run: [Oes] "C:\Program Files\Common Files\?ymbols\??ool32.exe"
O4 - HKCU\..\Run: [Douesrv] "C:\Program Files\Common Files\?dobe\m?config.exe"
O4 - HKCU\..\Run: [Ktd] "C:\Documents and Settings\martha\My Documents\F?nts\w?aclt.exe"
O4 - HKCU\..\Run: [Mrihjuy] "C:\Program Files\??crosoft\w?auclt.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142439276859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142439619203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\Software\..\Telephony: DomainName = drchome.local
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = drchome.local
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = drchome.local
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Action Script - Unknown owner - C:\WINDOWS\system32\scvhost.exe

-- End of file - 8927 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 catchme - c:\docume~1\martha\locals~1\temp\catchme.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"
S2 Windows Action Script - "c:\windows\system32\scvhost.exe" (file missing)
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe"
S4 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe"

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-20 08:32:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-04-21 and 2008-05-21 -----------------------------

2008-05-21 11:43:41 0 d-------- C:\Documents and Settings\martha\Application Data\Malwarebytes
2008-05-21 11:43:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-21 11:43:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 01:27:47 0 d-------- C:\Documents and Settings\martha\.housecall6.6
2008-05-20 22:40:06 0 d-------- C:\WINDOWS\ERUNT
2008-05-20 22:20:57 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-17 17:18:26 10059 --a------ C:\startup.exe
2008-05-17 17:16:49 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-04 10:11:00 0 d-------- C:\WINDOWS\system32\??sembly
2008-05-03 09:47:12 0 d-------- C:\WINDOWS\system32\??mantec

-- Find3M Report ---------------------------------------------------------------

2008-05-20 23:11:24 0 d-------- C:\Program Files\Common Files\?racle
2008-05-20 22:20:57 0 d-------- C:\Program Files\Common Files
2008-05-20 22:19:31 0 d-------- C:\Program Files\Common Files\AOL
2008-05-20 22:12:03 0 d-------- C:\Program Files\Google
2008-05-20 09:53:37 0 d-------- C:\Program Files\Java
2008-05-17 17:20:52 0 d-------- C:\Program Files\Common Files\M?crosoft
2008-05-17 17:16:14 0 d-------- C:\Documents and Settings\martha\Application Data\AdobeUM
2008-05-09 12:08:21 0 d-------- C:\Program Files\?ymbols
2008-05-06 19:36:11 0 d-------- C:\Program Files\Apple Software Update
2008-05-04 13:17:31 0 d-------- C:\Program Files\s?stem32
2008-05-04 13:17:31 0 d-------- C:\Documents and Settings\martha\Application Data\?ppPatch
2008-05-01 10:17:07 0 d-------- C:\Documents and Settings\martha\Application Data\??mantec
2008-04-27 14:09:30 0 d-------- C:\Program Files\Quicken
2008-04-15 10:34:09 0 d-------- C:\Program Files\Common Files\??curity
2008-04-15 10:07:23 0 d-------- C:\Program Files\TroopMaster 2005
2008-04-14 09:30:56 0 d-------- C:\Program Files\?ystem32
2008-04-13 22:33:44 0 d-------- C:\Program Files\AIM Search
2008-04-13 08:50:26 0 d-------- C:\Program Files\Common Files\??pPatch
2008-04-11 08:38:50 0 d-------- C:\Documents and Settings\martha\Application Data\?ymbols
2008-04-07 00:46:00 0 d-------- C:\Documents and Settings\martha\Application Data\?racle
2008-04-06 15:47:49 0 d-------- C:\Program Files\??crosoft
2008-04-06 00:29:22 0 d-------- C:\Program Files\Common Files\?racle
2008-03-30 20:42:42 0 d-------- C:\Documents and Settings\martha\Application Data\s?mbols
2008-03-27 19:59:44 0 d-------- C:\Program Files\s?stem

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CAA7AD12-1CFE-3803-895D-39E6728E0EE6}]
C:\WINDOWS\system32\rspfrg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [07/30/2002 12:35 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 08:43 PM]
"nwiz"="nwiz.exe" [08/11/2006 08:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/11/2006 08:43 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Tead"="C:\PROGRA~1\COMMON~1\MCROSO~1\mmc.exe" [05/17/2008 05:20 PM]
"Uszflu"="C:\Program Files\?ymbols\r?ndll32.exe" []
"Pvzg"="C:\WINDOWS\system32\??stem\i?xplore.exe" []
"Dsa"="C:\Program Files\?icrosoft\r?ndll32.exe" []
"Jjofme"="C:\Documents and Settings\martha\My Documents\?icrosoft.NET\?hkntfs.exe" []
"Mzbxpr"="C:\Program Files\Common Files\T?sks\??oolsv.exe" []
"Pdilskn"="C:\WINDOWS\system32\?dobe\?poolsv.exe" []
"Jen"="C:\WINDOWS\system32\F?nts\e?plorer.exe" []
"Jrkdd"="C:\WINDOWS\system32\?ecurity\??xplore.exe" []
"Cgb"="C:\Program Files\??crosoft\n?tepad.exe" []
"Cwq"="C:\Documents and Settings\martha\Application Data\?ecurity\??chost.exe" []
"Rmq"="C:\WINDOWS\?ystem32\??anregw.exe" []
"Qbk"="C:\Program Files\Common Files\?ppPatch\t?skmgr.exe" []
"Ybqot"="C:\Program Files\F?nts\s?rvices.exe" []
"Dpwmxau"="C:\WINDOWS\system32\M?crosoft.NET\s?ool32.exe" []
"Nnox"="C:\WINDOWS\?ymbols\w?nword.exe" []
"Kackzvu"="C:\Program Files\??crosoft\r?gedit.exe" []
"Xjfbvf"="C:\WINDOWS\system32\s?mbols\s?oolsv.exe" []
"Oes"="C:\Program Files\Common Files\?ymbols\??ool32.exe" []
"Douesrv"="C:\Program Files\Common Files\?dobe\m?config.exe" []
"Ktd"="C:\Documents and Settings\martha\My Documents\F?nts\w?aclt.exe" []
"Mrihjuy"="C:\Program Files\??crosoft\w?auclt.exe" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\martha\Start Menu\Programs\Startup\
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe [6/22/2006 2:15:48 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/9/2007 5:13:18 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2008-05-21 12:13:46 ------------