Deckard's System Scanner v20071014.68
Run by Bill Duke on 2008-03-26 14:32:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Bill Duke.exe) -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:55 PM, on 2008-03-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\YPCSER~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Bill Duke\Local Settings\Temporary Internet Files\Content.IE5\AX2RU5AH\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\BILLDU~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://start.earthlink.netR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://www.earthlink.net/partner/more/m ... earch.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://start.earthlink.net/AL/SearchR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.earthlink.net/partner/more/m ... earch.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.nytimes.com//?oref=loginR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.sbc.com/dslR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://start.earthlink.net/AL/SearchR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF7843.exe /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search -
res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O15 - Trusted Zone:
http://*.aim.comO15 - Trusted Zone:
http://www.youtube.comO16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) -
http://www.nanoscan.com/as/cabs/ascstubie.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{51832915-6E12-4EB8-AE47-05CCDF1DD721}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{8044A104-E4A8-440A-A9FF-FC4ABD011D74}: NameServer = 68.237.161.12 71.243.0.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{9768ACCE-6912-4E25-A5EA-9B06A348A818}: NameServer = 207.69.188.185,207.69.188.186
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 9349 bytes
-- Files created between 2008-02-26 and 2008-03-26 -----------------------------
2008-03-18 00:28:32 0 d------c- C:\WINDOWS\system32\LogFiles
2008-03-16 20:26:28 0 dr-h---c- C:\Documents and Settings\Bill Duke\Recent
2008-03-10 17:11:19 1584403 --a----c- C:\ComboFix.exe
2008-03-10 09:27:34 0 d------c- C:\ComboFix[1]
2008-03-08 21:33:24 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\BitTorrent
2008-03-08 21:33:11 0 d------c- C:\Program Files\DNA
2008-03-08 21:33:11 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\DNA
2008-03-08 21:33:09 0 d------c- C:\Program Files\BitTorrent
2008-03-01 03:25:13 0 d------c- C:\Combo-Fix[1]
-- Find3M Report ---------------------------------------------------------------
2008-03-19 00:22:42 1744 --a----c- C:\WINDOWS\system32\d3d9caps.dat
2008-03-16 21:53:42 0 d------c- C:\Program Files\Common Files
2008-03-10 19:49:41 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\gtk-2.0
2008-02-28 11:45:08 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\WinPatrol
2008-02-24 23:56:47 0 d------c- C:\Program Files\BillP Studios
2008-02-20 17:44:27 0 d------c- C:\Program Files\Panda Security
2008-02-20 16:34:46 0 d------c- C:\Program Files\Alwil Software
2008-02-14 00:12:30 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Malwarebytes
2008-02-14 00:11:52 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-13 02:37:50 0 d------c- C:\Program Files\EarthLink TotalAccess
2008-02-11 15:19:59 0 d------c- C:\Program Files\Common Files\BitDefender
2008-02-11 14:27:08 0 d------c- C:\Program Files\Enigma Software Group
2008-02-11 14:10:05 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Apple Computer
2008-02-11 14:09:38 0 d------c- C:\Program Files\Safari
2008-02-11 14:07:41 0 d------c- C:\Program Files\Apple Software Update
2008-02-10 21:03:13 0 d------c- C:\Program Files\ewido anti-malware
2008-02-09 00:40:42 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Opera
2008-02-09 00:40:13 0 d------c- C:\Program Files\Opera
2008-02-08 00:20:23 0 d------c- C:\Program Files\Trend Micro
2008-02-07 13:41:12 0 --a----c- C:\WINDOWS\system32\SBRC.dat
2008-02-07 13:41:12 0 --a----c- C:\WINDOWS\system32\SBFC.dat
2008-02-07 10:58:24 0 d------c- C:\Documents and Settings\Bill Duke\Application Data\Sunbelt Software
2008-02-07 09:13:14 0 d------c- C:\Program Files\America Online 9.0
2008-01-12 01:25:36 2560 --a----c- C:\WINDOWS\_MSRSTRT.EXE
2008-01-08 12:39:11 1158 --a----c- C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 12:14 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 12:41 PM]
"combofix"="C:\WINDOWS\system32\CF7843.exe" [2004-08-04 03:56 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 09:00 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-08 09:33 PM]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 03:24 PM]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00c27897-3fe5-11dc-a9fd-00038a000015}]
AutoRun\command- F:\Autorun.exe /run
Shell00\Command- F:\Autorun.exe /run
Shell01\Command- F:\Autorun.exe /action
Shell02\Command- F:\Autorun.exe /uninstall
-- End of Deckard's System Scanner: finished at 2008-03-26 14:34:11 ------------