#1
Registered User
Join Date: Sep 2007
Location: South Carolina
Posts: 12
OS: XP
Windows Messenger-style hijack
This morning my wife informed me that she was getting some strange popups asking for Paypal information. They looked eerily similar to the old Windows Messenger popups (which I disabled a long time ago). They knew her name (also the name of her profile on our computer), and kept asking for Paypal info...saying they were the FBI. They even warned about shutting off our Internet -- and then the network connections icon popped up in the sys tray and we temporarily lost our Internet connection.
We are not on any wireless LAN or anything like that. Here is the Hijack this/Deckard's log:

[Deckard's System Scanner / HijackThis log omitted]

Here is the Panda soft scan, too:

[Panda ActiveScan report omitted]

The viruses that Panda detected were gaming software my wife uses, and A1PC Cleaner, a system tool made by SuperWin.com.
I don't use it much, but I use some of his other software all the time (RegVac). Thanks in advance.

Last edited by tetonbob: 09-03-2007 at 08:55 AM. Reason: removed code tags, makes logs harder to read.
#2
Registered User
Join Date: Sep 2007
Location: South Carolina
Posts: 12
OS: XP
Re: Windows Messenger-style hijack
Bumpilicious!
An updated DSS scan:

[Deckard's System Scanner / HijackThis log omitted]
HKLM\System\CCS\Services\Tcpip\..\{1E22AF79-77EA-426C-95CA-7D2583E2A2B9}: NameServer = 192.168.15.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{1E22AF79-77EA-426C-95CA-7D2583E2A2B9}: NameServer = 192.168.15.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{1E22AF79-77EA-426C-95CA-7D2583E2A2B9}: NameServer = 192.168.15.1 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8317 bytes -- Files created between 2007-08-04 and 2007-09-04 ----------------------------- 2007-09-02 16:14:58 0 d-------- C:\Program Files\Trend Micro 2007-09-02 14:55:16 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-09-02 12:39:40 0 d-------- C:\Program Files\xp-AntiSpy 2007-08-26 12:55:43 0 d-------- C:\Documents and Settings\Todd\Application Data\Xfire Plus 2007-08-26 12:55:32 0 d-------- C:\Program Files\Xfire Plus 2007-08-18 16:21:54 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire 2007-08-13 21:11:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\Xfire 2007-08-04 10:07:26 0 d-------- C:\Program Files\iPod 2007-08-04 10:07:23 0 d-------- C:\Program Files\iTunes -- Find3M Report --------------------------------------------------------------- 2007-09-04 18:04:15 0 d-------- C:\Program Files\RegVac Registry Cleaner 2007-09-03 14:55:53 0 d-------- C:\Documents and Settings\Todd\Application Data\Xfire 2007-09-03 14:04:21 0 d-------- C:\Documents and Settings\Todd\Application Data\AVG7 2007-09-02 16:33:35 0 d-------- C:\Program Files\Java 2007-09-02 15:40:26 0 d-------- C:\Program Files\SmartFTP Client 2.0 2007-09-02 14:51:10 0 d-------- C:\Program Files\A1Click Ultra PC Cleaner 2007-09-02 14:51:04 0 d-------- C:\Program Files\A1Clean 2007-09-01 23:49:31 0 d-------- C:\Documents and Settings\Todd\Application Data\Azureus 2007-09-01 14:33:30 0 d---s---- C:\Program Files\Xfire 2007-09-01 13:48:04 0 d-------- C:\Program Files\DivX 2007-08-26 10:41:09 0 d-------- C:\Program Files\Common Files\Adobe 2007-08-24 19:47:41 0 d-------- C:\Program Files\Azureus 2007-08-23 23:53:59 48128 --a------ C:\WINDOWS\system32\lpr.exe 2007-08-04 10:04:27 0 d-------- C:\Program Files\QuickTime 
2007-07-31 21:31:41 8 --a------ C:\WINDOWS\system32\nvModes.dat 2007-07-29 20:33:57 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-07-28 12:49:37 0 d-------- C:\Program Files\Veoh Networks 2007-07-26 22:26:53 0 d-------- C:\Program Files\SystemRequirementsLab 2007-07-26 22:26:53 0 d-------- C:\Documents and Settings\Todd\Application Data\SystemRequirementsLab 2007-07-26 19 22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll2007-07-26 19:03:48 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2007-07-26 19:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2007-07-26 19:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2007-07-26 19:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2007-07-26 19:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2007-07-26 19:03:38 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2007-07-26 19:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-24 22:00:54 3912 --a------ C:\WINDOWS\mozver.dat 2007-07-24 22:00:08 0 d-------- C:\Documents and Settings\Todd\Application Data\Real 2007-07-24 21:59:27 0 d-------- C:\Program Files\Common Files 2007-07-24 21:59:27 0 d-------- C:\Program Files\Common Files\xing shared 2007-07-24 21:59:24 0 d-------- C:\Program Files\Common Files\Real 2007-07-23 16:24:50 0 d-------- C:\Program Files\EA SPORTS 2007-07-10 19:35:58 0 d-------- C:\Documents and Settings\Todd\Application Data\GameHouse 2007-07-08 13:17:22 0 d-------- C:\Program Files\IrfanView 2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe 2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll 2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll 2007-06-29 00:43:00 466944 --a------ 
C:\WINDOWS\system32\nvshell.dll 2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\system32\nview.dll 2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe 2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\system32\keystone.exe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTHelper"="CTHELPER.EXE" [06/01/2006 11:34 AM C:\WINDOWS\CTHELPER.EXE] "CTxfiHlp"="CTXFIHLP.EXE" [06/01/2006 11:34 AM C:\WINDOWS\system32\CTXFIHLP.EXE] "SoundMan"="SOUNDMAN.EXE" [11/11/2005 03:07 PM C:\WINDOWS\soundman.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [03/28/2006 05:38 PM C:\WINDOWS\KHALMNPR.Exe] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM] "NWEReboot"="" [] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 08:42 PM] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/16/2007 03:25 PM] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/24/2007 09:59 PM] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM] "nwiz"="nwiz.exe" [06/29/2007 12:43 AM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 12:43 AM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM] "Xfire Music"="C:\Program Files\Xfire\xfiremusic.exe" [11/20/2006 10:12 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="" [] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [05/19/2005 08:38 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background C:\Documents and Settings\Todd\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 9:16:50 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [7/29/2006 9:35:53 PM] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM] HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2/17/2006 11:39:33 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8e17c22-6f31-11da-acf3-806d6172696f}] AutoRun\command- D:\Setup\rsrc\autorun.exe dinstall\command- D:\Directx\dxsetup.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{76277BAE-0003-7541-B287-7107A6F49FC2}] C:\WINDOWS\system32:lpr.exe -- End of Deckard's System Scanner: finished at 2007-09-04 19:21:48 ------------ |
#5
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,322
OS: xp
Re: Windows Messenger-style hijack
Hi DigitalGypsy, sorry about the delay.
If you're still in need of assistance and are not receiving help at another forum, post back with a new DDS Main.txt.

#6
Registered User
Join Date: Sep 2007
Location: South Carolina
Posts: 12
OS: XP
Re: Windows Messenger-style hijack
I haven't seen the Paypal hack since that day, but I am curious as to how it happened. Here is the updated DSS:
Deckard's System Scanner v20070826.66
Run by Todd on 2007-09-17 10:29:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Todd.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:14 AM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Xfire\xfiremusic.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Todd\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Todd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab58570.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E22AF79-77EA-426C-95CA-7D2583E2A2B9}: NameServer = 192.168.15.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E22AF79-77EA-426C-95CA-7D2583E2A2B9}: NameServer = 192.168.15.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E22AF79-77EA-426C-95CA-7D2583E2A2B9}: NameServer = 192.168.15.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8380 bytes

-- Files created between 2007-08-17 and 2007-09-17 -----------------------------

2007-09-15 20:51:49 0 dr-h----- C:\Documents and Settings\Todd\Application Data\SecuROM
2007-09-08 09:17:31 0 d-------- C:\Program Files\iPod
2007-09-08 09:17:27 0 d-------- C:\Program Files\iTunes
2007-09-08 09:17:00 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-09-02 16:14:58 0 d-------- C:\Program Files\Trend Micro
2007-09-02 14:55:16 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-02 12:39:40 0 d-------- C:\Program Files\xp-AntiSpy
2007-08-26 12:55:43 0 d-------- C:\Documents and Settings\Todd\Application Data\Xfire Plus
2007-08-26 12:55:32 0 d-------- C:\Program Files\Xfire Plus
2007-08-18 16:21:54 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire

-- Find3M Report ---------------------------------------------------------------

2007-09-17 10:26:28 0 d-------- C:\Program Files\RegVac Registry Cleaner
2007-09-16 20:00:46 0 d-------- C:\Documents and Settings\Todd\Application Data\Azureus
2007-09-16 18:45:58 0 d-------- C:\Documents and Settings\Todd\Application Data\Xfire
2007-09-15 21 57 0 d---s---- C:\Program Files\Xfire
2007-09-08 08:40:36 0 d-------- C:\Program Files\Azureus
2007-09-03 14:04:21 0 d-------- C:\Documents and Settings\Todd\Application Data\AVG7
2007-09-02 16:33:35 0 d-------- C:\Program Files\Java
2007-09-02 15:40:26 0 d-------- C:\Program Files\SmartFTP Client 2.0
2007-09-02 14:51:10 0 d-------- C:\Program Files\A1Click Ultra PC Cleaner
2007-09-02 14:51:04 0 d-------- C:\Program Files\A1Clean
2007-09-01 13:48:04 0 d-------- C:\Program Files\DivX
2007-08-26 10:41:09 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-04 10:04:27 0 d-------- C:\Program Files\QuickTime
2007-07-31 21:31:41 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-07-29 20:33:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-28 12:49:37 0 d-------- C:\Program Files\Veoh Networks
2007-07-26 22:26:53 0 d-------- C:\Program Files\SystemRequirementsLab
2007-07-26 22:26:53 0 d-------- C:\Documents and Settings\Todd\Application Data\SystemRequirementsLab
2007-07-26 19 22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 19:03:48 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-26 19:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-26 19:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-26 19:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 19:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 19:03:38 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-26 19:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-24 22:00:54 3912 --a------ C:\WINDOWS\mozver.dat
2007-07-24 22:00:08 0 d-------- C:\Documents and Settings\Todd\Application Data\Real
2007-07-24 21:59:27 0 d-------- C:\Program Files\Common Files
2007-07-24 21:59:27 0 d-------- C:\Program Files\Common Files\xing shared
2007-07-24 21:59:24 0 d-------- C:\Program Files\Common Files\Real
2007-07-23 16:24:50 0 d-------- C:\Program Files\EA SPORTS
2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\system32\keystone.exe

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [06/01/2006 11:34 AM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [06/01/2006 11:34 AM C:\WINDOWS\system32\CTXFIHLP.EXE]
"SoundMan"="SOUNDMAN.EXE" [11/11/2005 03:07 PM C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [03/28/2006 05:38 PM C:\WINDOWS\KHALMNPR.Exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"NWEReboot"="" []
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 08:42 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [09/13/2007 08:10 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/24/2007 09:59 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]
"nwiz"="nwiz.exe" [06/29/2007 12:43 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [06/29/2007 12:43 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"Xfire Music"="C:\Program Files\Xfire\xfiremusic.exe" [11/20/2006 10:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [05/19/2005 08:38 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

C:\Documents and Settings\Todd\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 9:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [7/29/2006 9:35:53 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 8:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 8:50:52 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2/17/2006 11:39:33 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 4:15:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8e17c22-6f31-11da-acf3-806d6172696f}]
AutoRun\command- D:\Setup\rsrc\autorun.exe
dinstall\command- D:\Directx\dxsetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{76277BAE-0003-7541-B287-7107A6F49FC2}]
C:\WINDOWS\system32:lpr.exe

-- End of Deckard's System Scanner: finished at 2007-09-17 10:30:36 ------------