Deckard's System Scanner v20071014.68
Run by  on 2008-06-17 14:56:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-17 10:57:03 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-17 08:40:54 UTC - RP1 -   


Backed up registry hives.
Performed disk cleanup.

[color=red]Percentage of Memory in Use: 83% (more than 75%).[/color]
[color=red]Total Physical Memory: 248 MiB (512 MiB recommended).[/color]
[color=red]System Drive C: has 1.86 GiB (less than 15%) free.[/color]


-- HijackThis (run as .exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:35, on 17.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Distr\\dss.exe
D:\Distr\\HIJACK~1\.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:4480
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: @Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O3 - Toolbar: @Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] ; SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MAgent] ; C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &  Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Mail.Ru  - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (file missing)
O9 - Extra 'Tools' menuitem: Mail.Ru  - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe (file missing)
O9 - Extra button:   - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zix-auto.local
O17 - HKLM\Software\..\Telephony: DomainName = zix-auto.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD08E8D4-DB62-4311-87FF-43053091FC0D}: NameServer = 192.168.0.2,87.244.2.202
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zix-auto.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zix-auto.local
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service:   (Eventlog) -   - C:\WINDOWS\system32\services.exe
O23 - Service:  COM  - IMAPI (ImapiService) -   - C:\WINDOWS\system32\imapi.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) -   - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) -   - C:\WINDOWS\system32\services.exe
O23 - Service:        (RDSessMgr) -   - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: - (SCardSvr) -   - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service:     (SysmonLog) -   - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service:    (VSS) -   - C:\WINDOWS\System32\vssvc.exe
O23 - Service:   WMI (WmiApSrv) -   - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 4869 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BIOS - c:\windows\system32\drivers\bios.sys <Not Verified; BIOSTAR Group; BIOSTAR I/O driver fle>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 10:23:52         0 d-------- C:\Documents and Settings\\DoctorWeb
2008-06-16 12:57:34         0 d-------- C:\Documents and Settings\.ZIX-AUTO\Application Data\MxBoost
2008-06-16 12:48:22         0 d-------- C:\Documents and Settings\botova\Application Data\Identities
2008-06-16 12:48:01         0 d--h----- C:\Documents and Settings\botova\
2008-06-16 12:48:01         0 d-------- C:\Documents and Settings\botova\ 
2008-06-16 12:48:01         0 dr------- C:\Documents and Settings\botova\ 
2008-06-16 12:48:01         0 dr------- C:\Documents and Settings\botova\
2008-06-16 12:48:01         0 dr------- C:\Documents and Settings\botova\ 
2008-06-16 12:48:01         0 dr-h----- C:\Documents and Settings\botova\SendTo
2008-06-16 12:48:01         0 dr-h----- C:\Documents and Settings\botova\Recent
2008-06-16 12:48:01         0 d--h----- C:\Documents and Settings\botova\PrintHood
2008-06-16 12:48:01    524288 --ah----- C:\Documents and Settings\botova\NTUSER.DAT
2008-06-16 12:48:01         0 d--h----- C:\Documents and Settings\botova\NetHood
2008-06-16 12:48:01         0 d--h----- C:\Documents and Settings\botova\Local Settings
2008-06-16 12:48:01         0 d---s---- C:\Documents and Settings\botova\Cookies
2008-06-16 12:48:01         0 dr-h----- C:\Documents and Settings\botova\Application Data
2008-06-16 12:48:01         0 d---s---- C:\Documents and Settings\botova\Application Data\Microsoft
2008-06-16 12:00:59         0 d-------- C:\Documents and Settings\bogdanova.JENIA\Application Data\Corel
2008-06-16 11:52:08         0 d---s---- C:\Documents and Settings\bogdanova.JENIA\UserData
2008-06-16 11:37:26         0 d-------- C:\Documents and Settings\bogdanova.JENIA\Application Data\Macromedia
2008-06-16 11:37:26         0 d-------- C:\Documents and Settings\bogdanova.JENIA\Application Data\Adobe
2008-06-16 11:25:53         0 d-------- C:\Program Files\UPHClean
2008-06-16 11:10:12         0 d-------- C:\Program Files\Far
2008-06-16 11:06:39         0 d-------- C:\Documents and Settings\bogdanova.JENIA\Application Data\MxBoost
2008-06-16 11:06:12         0 d-------- C:\Documents and Settings\bogdanova.JENIA\Application Data\Identities
2008-06-16 11:05:59         0 d--h----- C:\Documents and Settings\bogdanova.JENIA\
2008-06-16 11:05:59         0 d-------- C:\Documents and Settings\bogdanova.JENIA\ 
2008-06-16 11:05:59         0 dr------- C:\Documents and Settings\bogdanova.JENIA\ 
2008-06-16 11:05:59         0 dr------- C:\Documents and Settings\bogdanova.JENIA\
2008-06-16 11:05:59         0 dr------- C:\Documents and Settings\bogdanova.JENIA\ 
2008-06-16 11:05:59         0 dr-h----- C:\Documents and Settings\bogdanova.JENIA\SendTo
2008-06-16 11:05:59         0 dr-h----- C:\Documents and Settings\bogdanova.JENIA\Recent
2008-06-16 11:05:59         0 d--h----- C:\Documents and Settings\bogdanova.JENIA\PrintHood
2008-06-16 11:05:59         0 d--h----- C:\Documents and Settings\bogdanova.JENIA\NetHood
2008-06-16 11:05:59         0 d--h----- C:\Documents and Settings\bogdanova.JENIA\Local Settings
2008-06-16 11:05:59         0 d---s---- C:\Documents and Settings\bogdanova.JENIA\Cookies
2008-06-16 11:05:59         0 dr-h----- C:\Documents and Settings\bogdanova.JENIA\Application Data
2008-06-16 11:05:59         0 d---s---- C:\Documents and Settings\bogdanova.JENIA\Application Data\Microsoft
2008-06-16 11:05:58    786432 --ah----- C:\Documents and Settings\bogdanova.JENIA\NTUSER.DAT
2008-06-11 07:24:22       222 --a------ C:\Documents and Settings\bogdanova\delself.bat
2008-06-07 15:55:12         0 d-------- C:\Program Files\DevalVR


-- Find3M Report ---------------------------------------------------------------

2008-04-29 11:24:19         0 d-------- C:\Documents and Settings\.ZIX-AUTO\Application Data\Corel
2008-04-29 11:17:29         0 d-------- C:\Documents and Settings\.ZIX-AUTO\Application Data\Adobe
2008-04-24 06:39:04         0 d-------- C:\Program Files\Maxthon2
2008-03-31 08:45:49    343488 --a------ C:\WINDOWS\system32\perfh019.dat
2008-03-31 08:45:49     47750 --a------ C:\WINDOWS\system32\perfc019.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}]
10.09.2007 12:51	366080	--a------	C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{09900DE8-1DCA-443F-9243-26FF581438AF}"= C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll [10.09.2007 12:51 366080]

[-HKEY_CLASSES_ROOT\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}]
[HKEY_CLASSES_ROOT\MailRu.MailRuSputnikObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{D9396DCA-81B4-4C62-8C48-619573A3C4E6}]
[HKEY_CLASSES_ROOT\MailRu.MailRuSputnikObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [28.11.2005 09:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [28.11.2005 09:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [28.11.2005 09:55]
"RTHDCPL"="RTHDCPL.EXE" [21.07.2006 12:56 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16.05.2006 14:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 14:43 C:\WINDOWS\Alcmtr.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [28.06.2007 11:26]
"MAgent"="C:\Program Files\Mail.Ru\Agent\MAgent.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [17.08.2004 16:04]


-- End of Deckard's System Scanner: finished at 2008-06-17 14:57:57 ------------

