Deckard's System Scanner v20071014.68
Run by Lukas on 2007-10-25 21:31:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 23.66 GiB (less than 15%) free.

-- HijackThis (run as Lukas.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:31:52, on 2007-10-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\xampp\filezillaftp\filezillaserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lukas\Desktop\Security\dss.exe
C:\DOCUME~1\Lukas\Desktop\Security\Lukas.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Tlumacz z LING... - http://www.ling.pl/ling/def-src.php4
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180567282390
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\xampp\filezillaftp\filezillaserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MpfService - McAfee - (no file)
O23 - Service: MySql - Unknown owner - C:/Program Files/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (file missing)

-- Files created between 2007-09-25 and 2007-10-25 -----------------------------

2007-10-25 20:40:56 0 d-------- C:\WINDOWS\ERUNT
2007-10-25 08:45:14 2618 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-24 00:25:54 0 d-------- C:\Program Files\MSECache
2007-10-14 03:13:26 40960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
2007-10-14 03:13:26 10752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-10-14 03:04:16 0 d-------- C:\Program Files\AutoPatcher
2007-10-14 02:24:56 0 d-------- C:\Documents and Settings\Lukas\Application Data\ZipGenius
2007-10-14 02:24:07 0 d-------- C:\Program Files\ZipGenius 6
2007-10-13 17:34:35 0 d-------- C:\Program Files\Anasil 2 DEMO
2007-10-13 17:11:44 0 d-------- C:\Program Files\Network Stumbler
2007-09-30 15:21:51 0 d-------- C:\Documents and Settings\Lukas\Application Data\Silver Style Entertainment
2007-09-30 15:07:33 0 d-------- C:\Program Files\Silver Style Entertainment
2007-09-29 21:14:14 0 d-------- C:\Program Files\Sprytne Katalogowanie (demo)
2007-09-29 19:07:58 0 d-------- C:\Program Files\RadioXpi

-- Find3M Report ---------------------------------------------------------------

2007-10-25 21:31:43 0 d-------- C:\Program Files\PeerGuardian2
2007-10-25 08:24:11 0 d-------- C:\Documents and Settings\Lukas\Application Data\MegauploadToolbar
2007-10-24 01:49:41 348 --a------ C:\Documents and Settings\Lukas\Application Data\mainhst.zgh
2007-10-19 08:02:02 41863 --a------ C:\WINDOWS\system32\nvModes.dat
2007-10-18 22:31:08 0 d-------- C:\Program Files\mIRC
2007-10-15 22:16:55 187 --a------ C:\Documents and Settings\Lukas\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2007-10-14 01:33:48 0 d-------- C:\Program Files\WinAce
2007-10-13 22:03:52 0 d-------- C:\Documents and Settings\Lukas\Application Data\Apple Computer
2007-10-03 21:27:02 0 d-------- C:\Documents and Settings\Lukas\Application Data\Adobe
2007-09-30 10:37:37 0 d-------- C:\Program Files\SPSS
2007-09-29 19:08:12 7485 --a----c- C:\WINDOWS\mozver.dat
2007-09-22 00:42:36 0 d-------- C:\Program Files\EVEREST Ultimate Edition
2007-09-21 23:21:08 0 d-------- C:\Program Files\S.T.A.L.K.E.R. - Shadow of Chernobyl
2007-09-21 22:51:52 0 d-------- C:\Program Files\IsoBuster
2007-09-20 21:44:41 0 d-------- C:\Program Files\SystemRequirementsLab
2007-09-20 21:44:22 0 d-------- C:\Documents and Settings\Lukas\Application Data\SystemRequirementsLab
2007-09-20 21:10:33 0 d-------- C:\Program Files\MoorHunt
2007-09-19 20:32:38 0 d-------- C:\Documents and Settings\Lukas\Application Data\MargonemMapki
2007-09-10 16:19:12 0 d-------- C:\Documents and Settings\Lukas\Application Data\Google
2007-09-10 16:18:48 0 d-------- C:\Program Files\Google
2007-09-10 13:08:35 0 d-------- C:\Program Files\iTunes
2007-09-10 13:08:26 0 d-------- C:\Program Files\iPod
2007-09-10 13:07:50 0 d-------- C:\Program Files\Common Files
2007-09-10 13:07:50 0 d-------- C:\Program Files\Common Files\Apple
2007-09-09 20:52:22 0 d-------- C:\Program Files\QuickTime
2007-09-09 20:51:24 0 d-------- C:\Program Files\Apple Software Update
2007-09-09 02:00:54 0 d-------- C:\Program Files\Soulseek
2007-08-31 00:17:29 0 d-------- C:\Documents and Settings\Lukas\Application Data\Azureus
2007-08-02 04:25:44 1428 --a------ C:\WINDOWS\unins000.dat
2007-08-01 23:32:56 18254 --a------ C:\Documents and Settings\Lukas\Application Data\phpdesigner2007_5_1.xml

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 21:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-25 11:28]
"nwiz"="nwiz.exe" [2006-04-25 11:28 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-03-21 12:03 C:\WINDOWS\system32\nvhotkey.dll]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 18:48]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 12:00 C:\WINDOWS\system32\bthprops.cpl]
"NWEReboot"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Mouse\V3.0\moffice.exe" [2006-09-05 19:30]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2007-02-20 12:29]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-18 19:55]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" []
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - PGFILTER

-- End of Deckard's System Scanner: finished at 2007-10-25 21:32:07 ------------