yup, sry didn't see that post at first lol here it is
Deckard's System Scanner v20071014.68
Run by Jordan Dingman on 2008-06-18 23:10:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Jordan Dingman.exe) --------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:57, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\McOEMMGr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Lexmark P910 Series\ezprint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\lxbycoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jordan Dingman\Local Settings\Temporary Internet Files\Content.IE5\PH0AB3MN\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JORDAN~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geekstogo...35#entry1264435
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070614
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 7824 bytes
-- Files created between 2008-05-18 and 2008-06-18 -----------------------------
2008-06-18 23:02:17 1848 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-18 23:01:17 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-18 23:01:17 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-18 23:01:17 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-18 23:01:17 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-18 23:01:17 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-18 23:01:17 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-18 21:14:19 0 d-------- C:\WINDOWS\LastGood
2008-06-18 17:10:51 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\Sun
2008-06-16 18:32:49 0 d-------- C:\Documents and Settings\Jordie\Application Data\SUPERAntiSpyware.com
2008-06-16 18:30:56 0 d---s---- C:\Documents and Settings\Jordie\Cookies
2008-06-14 23:21:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-14 23:21:16 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-14 23:21:16 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\SUPERAntiSpyware.com
2008-06-14 23:15:52 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\shcgfej0er37
2008-06-14 22:31:56 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\Malwarebytes
2008-06-14 22:31:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 22:31:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-14 22:31:34 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-13 21:37:22 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\Sonic
2008-06-13 21:34:51 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\Leadertech
2008-06-13 20:22:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-13 16:03:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-13 16:01:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-12 21:32:24 0 d-------- C:\WINDOWS\system32\vmm32
2008-06-12 21:23:49 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\acccore
2008-06-12 21:23:11 0 d-------- C:\Program Files\AIM Search
2008-06-12 21:23:05 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-12 21:22:11 0 d-------- C:\Program Files\AIM6
2008-06-12 18:33:07 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\Macromedia
2008-06-12 18:33:06 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\Adobe
2008-06-12 18:32:16 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\Mozilla
2008-06-12 18:14:34 0 d-------- C:\Program Files\CONEXANT
2008-06-12 18:05:40 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-06-12 18:02:38 0 d-------- C:\Program Files\McAfee.com
2008-06-12 18:02:32 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-12 17:27:14 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\MySpace
2008-06-12 17:27:08 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\FaxCtr
2008-06-12 16:51:01 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\InstallShield
2008-06-12 16:51:01 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\Identities
2008-06-12 16:51:01 0 d--h----- C:\Documents and Settings\Jordan Dingman\Application Data\Gtek
2008-06-12 16:51:01 0 d-------- C:\Documents and Settings\Jordan Dingman\Application Data\ATI
2008-06-12 16:51:00 0 d--h----- C:\Documents and Settings\Jordan Dingman\Templates
2008-06-12 16:51:00 0 dr------- C:\Documents and Settings\Jordan Dingman\Start Menu
2008-06-12 16:51:00 0 dr-h----- C:\Documents and Settings\Jordan Dingman\SendTo
2008-06-12 16:51:00 0 dr-h----- C:\Documents and Settings\Jordan Dingman\Recent
2008-06-12 16:51:00 0 d--h----- C:\Documents and Settings\Jordan Dingman\PrintHood
2008-06-12 16:51:00 0 d--h----- C:\Documents and Settings\Jordan Dingman\NetHood
2008-06-12 16:51:00 0 dr------- C:\Documents and Settings\Jordan Dingman\My Documents
2008-06-12 16:51:00 0 d--h----- C:\Documents and Settings\Jordan Dingman\Local Settings
2008-06-12 16:51:00 0 dr------- C:\Documents and Settings\Jordan Dingman\Favorites
2008-06-12 16:51:00 0 d-------- C:\Documents and Settings\Jordan Dingman\Desktop
2008-06-12 16:51:00 0 d---s---- C:\Documents and Settings\Jordan Dingman\Cookies
2008-06-12 16:51:00 0 dr-h----- C:\Documents and Settings\Jordan Dingman\Application Data
2008-06-12 16:50:59 2359296 --ah----- C:\Documents and Settings\Jordan Dingman\NTUSER.DAT
2008-06-12 16:39:25 0 d-------- C:\WINDOWS\Prefetch
2008-06-12 15:57:13 0 d-------- C:\WINDOWS\setup.pss
2008-06-12 11:59:11 0 d-------- C:\WINDOWS\dell
2008-06-11 22:13:16 0 d-------- C:\Program Files\Trend Micro
2008-05-21 18:23:01 1169 --a------ C:\WINDOWS\mozver.dat
-- Find3M Report ---------------------------------------------------------------
2008-06-18 21:12:47 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-06-18 21:12:44 47104 --a------ C:\WINDOWS\system32\Rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-06-14 22:31:34 0 d-------- C:\Program Files\Common Files
2008-06-12 21:32:23 0 d-------- C:\Program Files\Dell
2008-06-12 21:22:26 0 d-------- C:\Program Files\Common Files\AOL
2008-06-12 19:23:55 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-12 18:06:25 0 d-------- C:\Program Files\McAfee
2008-06-12 17:59:40 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-12 17:58:04 0 d-------- C:\Program Files\EA GAMES
2008-06-12 17:56:26 0 d-------- C:\Program Files\Yahoo!
2008-06-12 17:45:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 17:41:06 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-06-12 17:40:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-12 16:39:28 17408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2008-06-12 16:31:10 23444 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-12 16:20:48 62 --ahs---- C:\Documents and Settings\Jordan Dingman\Application Data\desktop.ini
2008-06-01 17:15:22 0 d-------- C:\Program Files\Lx_cats
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
06/06/2008 12:11 111968 --a------ C:\Program Files\AIM Search\AOLSearch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [05/02/2007 19:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24]
"lxbymon.exe"="C:\Program Files\Lexmark P910 Series\lxbymon.exe" [01/18/2005 05:50]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [11/22/2004 13:29]
"@"="" []
"EzPrint"="C:\Program Files\Lexmark P910 Series\ezprint.exe" [09/17/2004 09:24]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 17:30 C:\WINDOWS\stsystra.exe]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [01/17/2007 17:30]
"LXBYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [11/02/2004 11:13]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/18/2007 21:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [06/06/2008 12:04]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/15/2008 17:35]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06/15/2008 17:34 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 06/15/2008 17:34 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
-- End of Deckard's System Scanner: finished at 2008-06-18 23:11:14 ------------