10-13-2007, 05:38 PM
#5
Registered User
Join Date: Sep 2007
Posts: 16
OS: XP
Re: Malware has taken over! Hijackthis logfile follows..
Thanks.
Smitfraud logfile:
Quote:
SmitFraudFix v2.240
Scan done at 18:33:11.79, Sat 10/13/2007
Run from C:\Documents and Settings\Michael\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Cox\Applications\app\WFRMailer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\sulimo.dat FOUND !
C:\WINDOWS\system32\vtr???.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michael\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Programs\Startup\autorun.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MICHAE~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Common Files\\zysok.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="sulimo.dat"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Linksys Wireless-G PCI Adapter with SpeedBooster - Packet Scheduler Miniport
DNS Server Search Order: 68.105.28.11
DNS Server Search Order: 68.105.29.11
DNS Server Search Order: 68.105.28.12
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E35FCC2-7F71-4CB7-98FB-EEE20BF7AB85}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E35FCC2-7F71-4CB7-98FB-EEE20BF7AB85}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7E35FCC2-7F71-4CB7-98FB-EEE20BF7AB85}: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.105.28.11 68.105.29.11 68.105.28.12
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
DSS (Main.txt)
Quote:
Deckard's System Scanner v20070905.67
Run by Michael on 2007-10-13 18:40:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 1 Restore Point(s) --
1: 2007-10-13 23:40:06 UTC - RP600 - Deckard's System Scanner Restore Point
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 2.41 GiB (less than 15%) free.
-- HijackThis (run as Michael.exe) --------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-13 18:41:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cox\Applications\app\syssvcnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Cox\Applications\app\WFRMailer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
C:\Documents and Settings\Michael\Desktop\Michael.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slashdot.org/
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\Cox\Applications\app\PopupBHO01.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [ESP] C:\Program Files\Cox\Applications\app\start.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [rygorad] C:\Program Files\ComPlus Applications\rygorad77798.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\RunOnce: [SpybotDeletingA1103] command /c del "C:\WINDOWS\system32\printer.exe"
O4 - HKEY_LOCAL_MACHINE\..\RunOnce: [SpybotDeletingC2502] cmd /c del "C:\WINDOWS\system32\printer.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [fqfw] C:\PROGRA~1\COMMON~1\fqfw\fqfwm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: New Folder
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autorun.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.torrentreactor.to (HKCU)
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 () - http://chat.goarmy.com:8563/Java/cfs40320.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...8f/wvc1dmo.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.2.89.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_13) - http://javadl-esd.sun.com/update/1.4...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O20 - AppInit_DLLs: sulimo.dat
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WMP54GSSVC - GEMTEKS - "C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe" "WMP54GSv1_1.exe"
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 catchme - c:\docume~1\michae~1\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&2E98101C&0&28F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&2E98101C&0&28F0
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: DAVICOM 9102-Based PCI Fast Ethernet Adapter
Device ID: PCI\VEN_1282&DEV_9102&SUBSYS_82120291&REV_40\4&2E98101C&0&50F0
Manufacturer: DAVICOM Semiconductor, Inc.
Name: DAVICOM 9102-Based PCI Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1282&DEV_9102&SUBSYS_82120291&REV_40\4&2E98101C&0&50F0
Service: DM9102
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80F31043&REV_02\3&267A616A&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_80F31043&REV_02\3&267A616A&0&FD
Service:
-- Files created between 2007-09-13 and 2007-10-13 -----------------------------
2007-10-13 18:33:46 1186 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-13 18:33:00 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-13 18:33:00 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-10-13 18:33:00 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-10-13 18:33:00 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-10-13 18:33:00 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-12 20:32:08 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-12 20:32:05 0 d-------- C:\WINDOWS\LastGood
2007-10-11 07:46:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-10-11 07:22:20 39424 --a------ C:\WINDOWS\system32\vtr.dll <Not Verified; ; IEHelper Module>
2007-10-11 07:22:20 7849 --a------ C:\WINDOWS\system32\sulimo.dat
2007-10-09 16:51:50 0 d-------- C:\WINDOWS\Sun
2007-10-09 16:51:29 0 d-------- C:\Documents and Settings\Michael\Application Data\Sun
2007-10-09 16:50:42 0 d-------- C:\Program Files\Java
2007-10-09 16:50:25 0 d-------- C:\Program Files\Common Files\Java
2007-10-09 11:59:32 301568 --a------ C:\WINDOWS\b148.exe
2007-10-07 18:46:36 35840 -ra------ C:\WINDOWS\tsitra11.exe
2007-10-05 23:28:20 0 d-------- C:\The Simpsons - Complete season 18
2007-10-01 18:35:38 0 d-------- C:\WINDOWS\fqfw
2007-10-01 18:35:38 0 d-------- C:\Program Files\Common Files\fqfw
2007-10-01 07:24:01 376832 --a------ C:\WINDOWS\system32\WinNB58.dll <Not Verified; ; MBar IES AFF>
2007-09-30 00:45:01 0 d-------- C:\Program Files\Common Files\??sks
2007-09-30 00:44:52 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-09-30 00:43:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-30 00:32:56 0 d-------- C:\Program Files\Temporary
2007-09-30 00:29:35 2 --a------ C:\WINDOWS\system32\wcpisvsu.exe
2007-09-30 00:29:33 0 d-------- C:\Program Files\?ecurity
2007-09-30 00:29:24 0 d-------- C:\Program Files\?asks
2007-09-26 07:19:52 184320 --a------ C:\WINDOWS\b111.exe
2007-09-22 16:12:56 0 d-------- C:\From the Earth to the Moon
2007-09-16 11:41:26 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-09-16 10:12:35 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-09-15 11:03:51 0 d-------- C:\Documents and Settings\Michael\Application Data\Help
-- Find3M Report ---------------------------------------------------------------
2007-10-13 18:36:48 0 d-------- C:\Program Files\PeerGuardian2
2007-10-13 11:34:51 0 d-------- C:\Program Files\eMule
2007-10-12 21:30:30 0 d-------- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2007-10-11 03:27:21 0 d-------- C:\Program Files\Common Files
2007-10-06 16:56:44 0 d-------- C:\Program Files\PokerStars
2007-10-04 04:46:58 142 --a------ C:\Program Files\Common Files\zysok.html
2007-10-02 11:33:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-02 11:13:45 0 d--h----- C:\Program Files\Common Files\Authentium Shared
2007-10-02 10:48:35 0 d-------- C:\Program Files\?asks
2007-09-30 00:45:48 0 d-------- C:\Program Files\?ecurity
2007-09-30 00:45:01 0 d-------- C:\Program Files\Common Files\??sks
2007-09-30 00:32:09 0 d-------- C:\Program Files\Sierra
2007-09-16 16:56:22 0 d-------- C:\Program Files\EA GAMES
2007-09-16 12:57:47 0 d-------- C:\Program Files\BitComet
2007-09-15 12:55:16 0 d-------- C:\Program Files\Firaxis Games
2007-09-15 12:54:58 0 d-------- C:\Documents and Settings\Michael Magee\Application Data\My Games
2007-09-12 13:39:22 0 d-------- C:\Documents and Settings\Michael Magee\Application Data\Bioshock
2007-09-09 09:57:49 0 d-------- C:\Program Files\MagicISO
2007-09-08 21:56:21 0 d-------- C:\Program Files\Maxis
2007-09-06 19:23:05 0 d-------- C:\Program Files\MSXML 4.0
2007-09-06 15:25:32 0 d-------- C:\Program Files\Common Files\Aluria
2007-09-06 15:25:23 0 d-------- C:\Program Files\Common Files\Authentium
2007-09-05 15:33:00 0 d-------- C:\Program Files\Save
2007-09-05 10:34:10 0 d-------- C:\Program Files\Electronic Arts
2007-09-05 07:09:59 0 d-------- C:\Program Files\Sierra Entertainment
2007-09-03 13:34:03 0 d-------- C:\Program Files\CENEGA
2007-08-30 10:14:36 86016 --a------ C:\WINDOWS\b147.exe
2007-08-25 03:14:06 0 d-------- C:\Program Files\America's Army
2007-07-19 06:10:58 69632 --a------ C:\WINDOWS\b143.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [03/19/2004 03:33 AM C:\WINDOWS\system32\CTHELPER.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/22/2006 01:22 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/05/2006 08:58 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/02/2006 02:18 PM]
"ESP"="C:\Program Files\Cox\Applications\app\start.exe" [05/09/2007 01:40 PM]
"rygorad"="C:\Program Files\ComPlus Applications\rygorad77798.exe" [08/07/2007 03:30 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe" [10/18/2006 11:42 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 07:01 AM]
"fqfw"="C:\PROGRA~1\COMMON~1\fqfw\fqfwm.exe" [07/19/2006 02:56 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA1103"=command /c del "C:\WINDOWS\system32\printer.exe"
"SpybotDeletingC2502"=cmd /c del "C:\WINDOWS\system32\printer.exe"
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [8/17/2006 5:00:47 PM]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 7:44:06 AM]
autorun.exe [10/11/2007 7:22:20 AM]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Common Files\zysok.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\system32\printer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sulimo.dat
*Newly Created Service* - GTNDIS5
-- Hosts -----------------------------------------------------------------------
192.168.200.3 ad.doubleclick.net
192.168.200.3 ad.fastclick.net
192.168.200.3 ads.fastclick.net
192.168.200.3 atdmt.com
192.168.200.3 awaps.net
192.168.200.3 banner.fastclick.net
192.168.200.3 banners.fastclick.net
192.168.200.3 click.atdmt.com
192.168.200.3 clicks.atdmt.com
192.168.200.3 engine.awaps.net
6792 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2007-10-13 18:45:17 ------------
Last edited by CamwynF; 10-13-2007 at 06:08 PM.