Old 05-17-2007, 09:26 PM   #1 (permalink)
Registered User
 
Join Date: May 2007
Location: SW WA
Posts: 3
OS: WinXP


I believe something deeply hidden is affecting my computer

These items try to install on my computer periodically: "keykey," "keykey2001," "screenlogger," "keykey2002," "aureate-radiate," & "ps2," and SpySweeper stops them from installing. Although my computer seems to be running okay, there are little things that happen from time to time that make me suspicious that there is something buried deep in my computer that is causing things to not work properly.

I read the stickies and followed the 5 steps.

1. I checked for Rogueware and had none.

2. Adaware found nothing.

The below makes me suspicious:
I did the Panda ActiveScan and when it was quite a ways into the scan the Panda pages just disappeared and that was the end of the Panda scan. So I started the Panda Scan again and watched it off and on. At my last count there were 11 spywares and 4 Hacking tools & Rootkits.

I have been running Spyware Blaster and IE-Spyad for a long time.

4. My OS is updated.

5. I ran Deckard's System Scanner and attached it to this post.

Thanks for help of anybody that can help me get to the bottom of what I think is a deeply seated problem, maybe even a rootkit.

Jim
===

Deckard's System Scanner v20070426.43
Run by Owner on 2007-05-17 at 20:26:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-05-18 03:26:43 UTC - RP461 - Deckard's System Scanner Restore Point
1: 2007-05-17 0436 UTC - RP460 - Installed OpenOffice.org 2.2


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:28:04 PM, on 5/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\KH Blocker\khb.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\RoboTaskBarIcon.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\PC ATOMIC SYNC\BSAtomic.exe
C:\Program Files\ProcessTamer\ProcessTamerTray.exe
C:\Program Files\Vongo\Tray.exe
C:\Program Files\SPYWARE APPS\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SPYWAR~1\AVGANT~1\avgamsvr.exe
C:\PROGRA~1\SPYWAR~1\AVGANT~1\avgupsvc.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\PROGRA~1\SPYWAR~1\AVGANT~1\avgemc.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\windows\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SPYWARE APPS\SPY SWEEPER\SpySweeper.exe
C:\Program Files\Vongo\VongoService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\SPYWAR~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.refdesk.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.refdesk.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\roboform.dll
O4 - HKLM\..\Run: [KH Blocker] "C:\Program Files\KH Blocker\khb.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\SPYWAR~1\AVGANT~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SPYWARE APPS\SPYWAREBLASTER\sbautoupdate.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\SPYWARE APPS\SPY SWEEPER\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [TClockEx] "C:\Program Files\TCLOCKEX\TCLOCKEX.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\RoboTaskBarIcon.exe"
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MAILWASHER PRO\MailWasher.exe
O4 - Startup: PC Atomic Sync.lnk = C:\Program Files\PC ATOMIC SYNC\BSAtomic.exe
O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\RoboFormComShowToolbar.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1156346711596
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SABWinLogon - C:\windows\
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\SPYWARE APPS\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\SPYWAR~1\AVGANT~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\SPYWAR~1\AVGANT~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\SPYWAR~1\AVGANT~1\avgemc.exe
O23 - Service: EODTIDQ - Unknown owner - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\SPYWARE APPS\SPY SWEEPER\SpySweeper.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\SPYWAR~1\HIJACK~1\backups\) -----------

backup-20060107-152735-592 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
backup-20060107-152735-686 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
backup-20060107-152735-767 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
backup-20060107-152735-812 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.refdesk.com
backup-20060107-152735-864 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
backup-20060107-152735-895 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.refdesk.com
backup-20060107-152735-965 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us7.hpwis.com/
backup-20060107-220340-824 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
backup-20060107-220340-832 O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
backup-20060108-101609-504 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com
backup-20060108-133042-395 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com
backup-20060108-133042-665 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.refdesk.com/
backup-20060523-144826-557 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.refdesk.com
backup-20060523-144827-317 O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - C:\Program Files\Mass Downloader\MDHELPER.DLL (file missing)
backup-20060523-144827-349 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
backup-20060523-144827-526 O8 - Extra context menu item: + Mass Downloader: download &All files - C:\Program Files\Mass Downloader\Add_All.htm
backup-20060523-144827-537 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.refdesk.com
backup-20060523-144827-712 O8 - Extra context menu item: + &Mass Downloader: download this file - C:\Program Files\Mass Downloader\Add_Url.htm
backup-20060523-144828-260 O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://63.241.168.238/ae/ecwplugins/ncs1.cab
backup-20060523-144828-752 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1146618504234
backup-20060523-144829-317 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
backup-20060523-144830-755 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
backup-20060523-144917-549 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.refdesk.com
backup-20060523-144917-750 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.refdesk.com
backup-20061017-144815-832 O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
backup-20070221-234641-314 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.refdesk.com
backup-20070221-234641-744 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.refdesk.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R0 giveio - c:\windows\system32\giveio.sys
R0 hotcore - c:\windows\system32\drivers\hotcore.sys <Not Verified; Paragon Software Group; HotBackup>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 Stltrk2k - c:\windows\system32\drivers\stltrk2k.sys <Not Verified; SCM Microsystems Inc.; Support Driver for SCM Win2K Applications>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S0 Kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 EUSBMSD (eUSB Mass Storage Driver) - c:\windows\system32\drivers\eusbmsd.sys <Not Verified; SCM Microsystems Inc.; eUSB SmartMedia driver>
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S3 RRSPY - c:\windows\system32\drivers\rrspy.sys <Not Verified; Resplendence; MultiMon>
S3 TDIMSYS - c:\windows\system32\drivers\tdimsys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>
R3 Vongo Service - c:\program files\vongo\vongoservice.exe <Not Verified; Starz Entertainment Group LLC; Vongo>

S3 EODTIDQ -
S3 SandraDataSrv (Sandra Data Service) -
S3 SandraTheSrv (Sandra Service) -
S4 SABSVC -


-- Scheduled Tasks -------------------------------------------------------------

2007-05-14 02:00:00 812 --a------ C:\windows\Tasks\wrSpySweeperTrialSweep.job


-- Files created between 2007-04-17 and 2007-05-17 -----------------------------

2007-05-17 18:35:08 0 d-------- C:\windows\system32\ActiveScan
2007-05-17 18:35:06 0 d-------- C:\windows\LastGood
2007-05-17 18:07:56 0 d-------- C:\Program Files\NoteTab Light
2007-05-17 10:45:00 0 d-------- C:\Documents and Settings\Owner\Application Data\DivX
2007-05-16 21:09:24 0 d-------- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2007-05-16 2142 0 d-------- C:\Program Files\OpenOffice.org 2.2
2007-05-15 06:31:27 4096 --a------ C:\windows\system32\ps.exe
2007-05-10 06:49:35 75776 --ah----- C:\Documents and Settings\Owner\Application Data\ZZipUtilitiesV02.dll
2007-05-10 06:49:35 65536 --ah----- C:\Documents and Settings\Owner\Application Data\WindowsSecurity.dll
2007-05-10 06:49:33 53248 --ah----- C:\Documents and Settings\Owner\Application Data\Notification.dll
2007-05-10 06:49:32 29184 --ah----- C:\Documents and Settings\Owner\Application Data\RBInternetEncodings550.dll
2007-05-10 06:49:31 38912 --ah----- C:\Documents and Settings\Owner\Application Data\RBShell550.dll
2007-05-10 06:49:29 88576 --ah----- C:\Documents and Settings\Owner\Application Data\rbap550.dll
2007-05-09 12:22:57 0 --a------ C:\Documents and Settings\Owner\Tdimon log 2007 0509 12
2007-05-09 12:10:16 0 --a------ C:\Documents and Settings\Owner\Tdimon log file 2007 0509 12
2007-05-06 11:46:11 1658880 --a------ C:\windows\system32\ExGrid.dll <Not Verified; Exontrol Inc.; ExGrid Module>
2007-05-06 11:40:47 0 d-------- C:\Program Files\DivX
2007-05-06 10:52:25 0 d-------- C:\Program Files\GSpot 2.70a - Codec Information Appliance
2007-05-06 10:39:12 0 d-------- C:\Program Files\Sherlock - The Codec Detective
2007-05-02 11:04:23 524288 --a------ C:\windows\system32\DivXsm.exe <Not Verified; DivX Inc.; DivX Inc. divxsm>
2007-05-02 11:04:19 3596288 --a------ C:\windows\system32\qt-dx331.dll
2007-05-02 11:04:06 1044480 --a------ C:\windows\system32\libdivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit>
2007-05-02 11:04:05 200704 --a------ C:\windows\system32\ssldivx.dll <Not Verified; The OpenSSL Project, http://www.openssl.org/; The OpenSSL Toolkit>
2007-05-02 11:02:06 196608 --a------ C:\windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-05-02 11:02:06 73728 --a------ C:\windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-05-02 11:02:04 53248 --a------ C:\windows\system32\dpuGUI10.dll <Not Verified; DivXNetworks; DivXNetworks dpuGUI10>
2007-05-02 11:02:02 57344 --a------ C:\windows\system32\dpv11.dll <Not Verified; DivXNetworks; DivXNetworks dpv11>
2007-05-02 11:02:02 344064 --a------ C:\windows\system32\dpus11.dll <Not Verified; DivXNetworks; DivXNetworks dpus11>
2007-05-02 11:02:02 593920 --a------ C:\windows\system32\dpuGUI11.dll <Not Verified; DivXNetworks; DivXNetworks dpuGUI11>
2007-05-02 11:02:02 294912 --a------ C:\windows\system32\dpu11.dll <Not Verified; DivXNetworks; DivXNetworks dpu11>
2007-05-02 11:02:02 294912 --a------ C:\windows\system32\dpu10.dll <Not Verified; DivXNetworks; DivXNetworks dpu11>
2007-05-02 11:01:56 802816 --a------ C:\windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-05-02 11:01:56 823296 --a------ C:\windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-02 11:01:56 823296 --a------ C:\windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-02 11:01:56 740442 --a------ C:\windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-05-01 19:33:57 12288 --a------ C:\windows\system32\DivXWMPExtType.dll
2007-05-01 12:08:44 0 d-------- C:\Program Files\FRee Agent
2007-04-30 18:22:10 0 d-------- C:\Program Files\EZTakes
2007-04-20 16:51:09 0 d-------- C:\Documents and Settings\All Users\Application Data\StarzEntertainment
2007-04-17 08:35:46 0 d-------- C:\UZIPPED


-- Find3M Report ---------------------------------------------------------------

2007-05-17 19:53:20 0 d-------- C:\Documents and Settings\Owner\Application Data\MailWasherPro
2007-05-17 19:49:03 0 d-------- C:\Program Files\TCLOCKEX
2007-05-17 19:49:01 0 d-------- C:\Program Files\1-Click Answers
2007-05-17 19:48:52 0 d-------- C:\Program Files\EUdoraYAHOO
2007-05-17 19:48:47 0 d-------- C:\Program Files\KH Blocker
2007-05-17 19:48:34 0 d-------- C:\Program Files\MAILWASHER PRO
2007-05-17 19:48:30 0 d-------- C:\Program Files\ProcessTamer
2007-05-17 19:48:30 0 d-------- C:\Program Files\PC ATOMIC SYNC
2007-05-17 19:48:29 0 d-------- C:\Program Files\Vongo
2007-05-17 19:48:16 0 d-------- C:\Program Files\UPHClean
2007-05-17 18:20:53 32 --a------ C:\Documents and Settings\Owner\Application Data\ntl.ini
2007-05-17 1846 0 d-------- C:\Program Files\EUdoraADELPHIA
2007-05-17 06:39:31 0 d-------- C:\Program Files\WINAMP
2007-05-16 21:05:47 0 d-------- C:\Program Files\Java
2007-05-08 13:57:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-05 06:12:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Canon
2007-05-04 07:40:07 0 d-------- C:\Program Files\STREETS & TRIPS
2007-05-02 16:45:38 0 d-------- C:\Program Files\MemorexCD-DVD Software Suite
2007-05-02 16:45:35 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-29 09:20:59 0 d-------- C:\Program Files\IRFANVIEW
2007-04-20 05:13:25 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-04-17 14:18:50 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-04-16 20:07:06 0 d-------- C:\Program Files\Azureus
2007-04-14 15:20:15 0 d-------- C:\Program Files\REGISTERY MANAGER PRO, Registrar
2007-04-14 01:10:28 0 d-------- C:\Program Files\REGISTRAR LITE
2007-04-14 0100 186 --a------ C:\Program Files\RoboFormComTaskBarIcon.html
2007-04-14 0100 206 --a------ C:\Program Files\RoboFormComSetFields.html
2007-04-14 0100 205 --a------ C:\Program Files\RoboFormComSavePass.html
2007-04-14 0100 208 --a------ C:\Program Files\RoboFormComResetFields.html
2007-04-14 0100 192 --a------ C:\Program Files\RoboFormComPasswordGenerator.html
2007-04-14 0100 204 --a------ C:\Program Files\RoboFormComOptions.html
2007-04-14 0100 181 --a------ C:\Program Files\RoboFormComLogoff.html
2007-04-14 0100 206 --a------ C:\Program Files\RoboFormComFillForms.html
2007-04-14 0100 183 --a------ C:\Program Files\RoboFormComEditPass.html
2007-04-14 0100 183 --a------ C:\Program Files\RoboFormComEditNote.html
2007-04-14 0100 184 --a------ C:\Program Files\RoboFormComEditIdent.html
2007-04-14 0100 212 --a------ C:\Program Files\RoboFormComCustomizeIEMenu.html
2007-04-14 0100 208 --a------ C:\Program Files\RoboFormComClearFields.html
2007-04-14 01:05:53 208 --a------ C:\Program Files\RoboFormComShowToolbar.html
2007-04-14 01:03:58 56706 --a------ C:\Program Files\zh-Chinese.rfi
2007-04-14 01:03:58 29052 --a------ C:\Program Files\ua-Ukrainian.rfi
2007-04-14 01:03:58 50273 --a------ C:\Program Files\tr-Turkish.rfi
2007-04-14 01:03:58 61053 --a------ C:\Program Files\sk-Slovak.rfi
2007-04-14 01:03:58 86943 --a------ C:\Program Files\se-Swedish.rfi
2007-04-14 01:03:58 76109 --a------ C:\Program Files\sc-Serbian.rfi
2007-04-14 01:03:58 76672 --a------ C:\Program Files\sb-Serbian.rfi
2007-04-14 01:03:58 85440 --a------ C:\Program Files\ru-Russian.rfi
2007-04-14 01:03:58 77467 --a------ C:\Program Files\pl-Polish.rfi
2007-04-14 01:03:58 85872 --a------ C:\Program Files\no-Norwegian.rfi
2007-04-14 01:03:58 84645 --a------ C:\Program Files\nl-Dutch.rfi
2007-04-14 01:03:58 99350 --a------ C:\Program Files\lt-Lithuanian.rfi
2007-04-14 01:03:58 3736 --a------ C:\Program Files\license-zh.txt
2007-04-14 01:03:58 4722 --a------ C:\Program Files\license-ua.txt
2007-04-14 01:03:58 3916 --a------ C:\Program Files\license-tr.txt
2007-04-14 01:03:58 16762 --a------ C:\Program Files\license-se.txt
2007-04-14 01:03:58 8779 --a------ C:\Program Files\license-sc.txt
2007-04-14 01:03:58 8976 --a------ C:\Program Files\license-sb.txt
2007-04-14 01:03:58 5386 --a------ C:\Program Files\license-ru.txt
2007-04-14 01:03:58 17603 --a------ C:\Program Files\license-pl.txt
2007-04-14 01:03:58 7234 --a------ C:\Program Files\license-nl.txt
2007-04-14 01:03:58 16826 --a------ C:\Program Files\license-lt.txt
2007-04-14 01:03:58 5107 --a------ C:\Program Files\license-kr.txt
2007-04-14 01:03:58 14425 --a------ C:\Program Files\license-jp.txt
2007-04-14 01:03:58 6737 --a------ C:\Program Files\license-it.txt
2007-04-14 01:03:58 13019 --a------ C:\Program Files\license-hr.txt
2007-04-14 01:03:58 77370 --a------ C:\Program Files\kr-Korean.rfi
2007-04-14 01:03:58 87139 --a------ C:\Program Files\jp-Japanese.rfi
2007-04-14 01:03:58 90342 --a------ C:\Program Files\it-Italian.rfi
2007-04-14 01:03:58 22966 --a------ C:\Program Files\hu-Hungarian.rfi
2007-04-14 01:03:58 80660 --a------ C:\Program Files\hr-Croatian.rfi
2007-04-14 01:03:58 80 --a------ C:\Program Files\affid.txt
2007-04-14 01:03:57 3491 --a------ C:\Program Files\license-he.txt
2007-04-14 01:03:57 15532 --a------ C:\Program Files\license-fr.txt
2007-04-14 01:03:57 6284 --a------ C:\Program Files\license-fi.txt
2007-04-14 01:03:57 17949 --a------ C:\Program Files\license-es.txt
2007-04-14 01:03:57 16454 --a------ C:\Program Files\license-en.txt
2007-04-14 01:03:57 13371 --a------ C:\Program Files\license-dk.txt
2007-04-14 01:03:57 15020 --a------ C:\Program Files\license-de.txt
2007-04-14 01:03:57 12841 --a------ C:\Program Files\license-cz.txt
2007-04-14 01:03:57 3736 --a------ C:\Program Files\license-cn.txt
2007-04-14 01:03:57 7237 --a------ C:\Program Files\license-br.txt
2007-04-14 01:03:57 20791 --a------ C:\Program Files\license-ar.txt
2007-04-14 01:03:57 61445 --a------ C:\Program Files\he-Hebrew.rfi
2007-04-14 01:03:57 98035 --a------ C:\Program Files\fr-French.rfi
2007-04-14 01:03:57 49297 --a------ C:\Program Files\fi-Finnish.rfi
2007-04-14 01:03:57 96822 --a------ C:\Program Files\es-Spanish.rfi
2007-04-14 01:03:57 0 --a------ C:\Program Files\en-english.rfi
2007-04-14 01:03:57 84067 --a------ C:\Program Files\dk-Danish.rfi
2007-04-14 01:03:57 105075 --a------ C:\Program Files\de-German.rfi
2007-04-14 01:03:57 70241 --a------ C:\Program Files\cz-Czech.rfi
2007-04-14 01:03:57 48711 --a------ C:\Program Files\cn-Chinese.rfi
2007-04-14 01:03:57 90102 --a------ C:\Program Files\br-Brasilian.rfi
2007-04-14 01:03:57 71146 --a------ C:\Program Files\ar-Arabic.rfi
2007-04-14 01:03:56 20535 --a------ C:\Program Files\rfmozhlp.dll
2007-04-14 01:03:56 139328 --a------ C:\Program Files\passwordgenerator.exe <Not Verified; Siber Systems; RoboForm>
2007-04-14 01:03:56 90 --a------ C:\Program Files\dndhandle.gif
2007-04-14 01:03:54 6356 --a------ C:\Program Files\install.bmp
2007-04-09 23:07:16 262144 --a------ C:\windows\system32\default_user_class.dat
2007-04-09 12:11:55 0 d-------- C:\Program Files\Firefox
2007-04-09 12:10:36 0 d-------- C:\Program Files\RoboForm - Password Manager
2007-04-03 16:51:56 614400 --a------ C:\windows\system32\ExButton.dll <Not Verified; Exontrol Inc.; ExButton Module>
2007-04-03 16:51:24 307200 --a------ C:\windows\system32\ExPMenu.dll <Not Verified; Exontrol Inc.; ExPopupMenu Control>
2007-04-03 16:51:00 585728 --a------ C:\windows\system32\ExMenu.dll <Not Verified; Exontrol Inc.; ExMenu Control>
2007-03-28 09:38:27 0 d-------- C:\Program Files\SPYWARE APPS
2007-03-22 21:40:50 0 d-------- C:\Program Files\E-SWORD
2007-03-22 21:15:53 0 d-------- C:\Program Files\MP3 CD Burner
2007-03-22 20:00:27 164 --a------ C:\install.dat
2007-02-26 11:48:46 6 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini
2007-02-26 11:48:46 1028 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2007-02-25 11:28:41 509 --a------ C:\Program Files\SYS INFO APPS.lnk


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00C6482D-C502-44C8-8409-FCE54AD9C208} C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{724d43a9-0d85-11d4-9908-00400523e39a} C:\Program Files\roboform.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KH Blocker"="\"C:\\Program Files\\KH Blocker\\khb.exe\""
"OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"AVG7_CC"="\"C:\\PROGRA~1\\SPYWAR~1\\AVGANT~1\\avgcc.exe\" /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SBAutoUpdate"="\"C:\\Program Files\\SPYWARE APPS\\SPYWAREBLASTER\\sbautoupdate.exe\""
"SpySweeper"="\"C:\\Program Files\\SPYWARE APPS\\SPY SWEEPER\\SpySweeperUI.exe\" /startintray"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TClockEx"="\"C:\\Program Files\\TCLOCKEX\\TCLOCKEX.EXE\""
"ctfmon.exe"="C:\\windows\\system32\\ctfmon.exe"
"RoboForm"="\"C:\\Program Files\\RoboTaskBarIcon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMFUprogramsList"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 adserver.adbunker.com
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net

14627 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-05-17 at 20:28:40 ---------
Attached Images
File Type: jpg PandaScan 2007 0517 807PM.jpg (27.3 KB, 3 views)
Attached Files
File Type: txt extra.txt (20.3 KB, 2 views)

Last edited by jimeee : 05-17-2007 at 09:28 PM.
All times are GMT -7.