Old 10-14-2007, 03:30 AM   #3 (permalink)
LYT4X
OS: XP Pro SP2


Re: onlinegames.gen & heuri-e

Hi sUBs, I was running a number of them prior to that scan - Ad-Aware, Spybot & Spy Sweeper, along with my a/v.

I have been running full scans three times a day and here is the latest DSS log (extra.txt did not appear this time):

Deckard's System Scanner v20070905.67
Run by Administrator on 2007-10-14 10:23:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:22, on 14/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

O4 - HKLM\..\Run: [PTHOSTTR] "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" /Start
O4 - HKLM\..\Run: [SetRefresh] "C:\Program Files\Compaq\SetRefresh\SetRefresh.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O20 - AppInit_DLLs: winforms.dll
O23 - Service: 1E3F603C - Unknown owner - C:\WINDOWS\system32\80FEE47E.EXE (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2146 bytes

-- Files created between 2007-09-14 and 2007-10-14 -----------------------------

2007-10-12 14:16:48 0 d-------- C:\Program Files\SpywareBlaster
2007-10-12 09:41:16 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-12 09:40:40 0 d-------- C:\Program Files\Webroot
2007-10-12 09:40:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-12 09:40:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 09:35:04 164 --a------ C:\install.dat
2007-10-11 09:21:38 28672 --a------ C:\WINDOWS\system32\winforms.dll
2007-10-10 19:09:00 0 d-------- C:\Program Files\Trend Micro
2007-10-10 14:25:12 125440 --a------ C:\WINDOWS\system32\zauowa.dll
2007-10-10 13:54:40 125440 --a------ C:\WINDOWS\system32\ghowkw.dll
2007-10-10 13:50:22 125440 --a------ C:\WINDOWS\system32\chrghj.dll
2007-10-10 13:25:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-10 11:23:09 125440 --a------ C:\WINDOWS\system32\cfdvpa.dll
2007-10-10 11:19:41 125440 --a------ C:\WINDOWS\system32\jielaz.dll
2007-10-10 10:25:14 0 d-------- C:\WINDOWS\system32\NtmsData
2007-10-10 10:10:37 125440 --a------ C:\WINDOWS\system32\ykqkqs.dll
2007-10-10 10:05:58 125440 --a------ C:\WINDOWS\system32\ehuxlg.dll
2007-10-09 13:47:37 124416 --a------ C:\WINDOWS\system32\rrijtj.dll
2007-10-09 13:43:09 124416 --a------ C:\WINDOWS\system32\sxwjyq.dll
2007-10-09 12:42:46 124416 --a------ C:\WINDOWS\system32\ochtul.dll
2007-10-09 11:38:11 124416 --a------ C:\WINDOWS\system32\qyeksq.dll
2007-10-09 10:37:40 124416 --a------ C:\WINDOWS\system32\xbdooe.dll
2007-10-09 10:33:28 124416 --a------ C:\WINDOWS\system32\nhcrgk.dll
2007-10-08 15:11:33 124416 --a------ C:\WINDOWS\system32\fytxwo.dll
2007-10-08 10:19:47 34304 --a------ C:\WINDOWS\system32\SHQ.DLL
2007-10-08 10:19:46 20 --a------ C:\WINDOWS\system32\mhsha1.dat
2007-10-05 16:13:47 124416 --a------ C:\WINDOWS\system32\poaywc.dll
2007-09-17 17:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2007-09-15 15:03:07 0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-15 15:01:55 0 d-------- C:\1bcb0232290cfe07501b89e7
2007-09-15 15:01:51 0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-15 15:01:51 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-15 15:01:22 0 d-------- C:\9073532e81ced276c0


-- Find3M Report ---------------------------------------------------------------

2007-10-12 12:03:01 0 d-------- C:\Program Files\Common Files
2007-10-03 14:46:30 0 d-------- C:\Program Files\DesignPro
2007-10-01 09:35:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\MailWasherPro
2007-09-19 12:44:32 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/04/2005 15:22]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/04/2005 15:19]
"RTHDCPL"="RTHDCPL.EXE" [08/03/2005 13:26 C:\WINDOWS\RTHDCPL.EXE]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [04/10/2005 23:23]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20/11/2003 19:01]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [01/12/2003 11:38]
"Logitech Utility"="Logi_MwX.Exe" [07/11/2003 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 20:52]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [19/07/2007 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/08/2007 09:44]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [30/08/2006 18:45:59]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [19/02/2006 04:21:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91974}"= winforms.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=winforms.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AClntUsr]
C:\Program Files\Aclient\AClntUsr.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPSrv]
C:\WINDOWS\AVPSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs]
C:\WINDOWS\cmdbcs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
C:\WINDOWS\DbgHlp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GenProtect]
C:\WINDOWS\nkasnq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kvsc3]
C:\WINDOWS\Kvsc3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
C:\WINDOWS\mppds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msccrt]
C:\WINDOWS\msccrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32]
C:\WINDOWS\MsIMMs32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D]
C:\WINDOWS\MsPrint32D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVDispDrv]
C:\WINDOWS\sbhqby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
C:\WINDOWS\upxdnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AClient"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Persistence"=C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12




-- End of Deckard's System Scanner: finished at 2007-10-14 10:23:50 ------------