08-08-2007, 12:31 AM   #1
timbo6108 (Registered User)
Join Date: Aug 2007
Location: AL
Posts: 5
OS: WinXP_SP2

Hacker Tools/Rootkits Detected! Trillian, PRScheduler, Application/Deleter

Completed Steps 1-5!

I have had trouble staying connected to the internet being disconnected every few minutes until I go to IE 'Options' and reset my 'Security' settings 'all to default', IE7 webpages not loading/errors on them w/popups on various pages saying script errors/cannot find/display webpage etc. Computer is slow, hangs, and frequently does nothing. Excel disappeared, so I had to install Excel Reader/Viewer! Believe hacker(s) have hacked into my system. Also, I may have programs on my PC that I do not need or that were put there by someone unknown. May have hardware conflicts! Deleted Trillian when trying to get rid of unwanted programs, then tried using DataNuker to get rid of the Trillian file, but it would not disappear. This was done before I realized Trillian was a corrupt program! I know I need more RAM... will adjusting my Virtual Memory settings help my PC to speed up any?


Deckard's System Scanner v20070807.62
Run by Tim on 2007-08-08 at 00:30:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2007-08-08 05:31:10 UTC - RP1013 - Deckard's System Scanner Restore Point
16: 2007-08-07 17:10:52 UTC - RP1012 - System Checkpoint
15: 2007-08-06 1753 UTC - RP1011 - Installed Ad-Aware 2007
14: 2007-08-06 14:15:49 UTC - RP1010 - System Checkpoint
13: 2007-08-05 04:14:35 UTC - RP1009 - Installed Java(TM) 6 Update 2


-- First Restore Point --
1: 2007-07-30 15:40:45 UTC - RP997 - good


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 127 MiB (512 MiB recommended).


-- HijackThis (run as Tim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:55 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\wmconnect\wwm.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Netscape Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1182373845508
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1182373263892
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - http://de.trendmicro-europe.com/file...CallButton.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {D1ACD2D8-7312-4D06-BECD-90EB094D2277} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78976A37-478C-4CA2-B5D0-0C11631E3AD0}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe

--
End of file - 10582 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\windows\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 ATWPKT2 - c:\program files\america online 8.0\atwpkt2.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 PackethSvc (Virtual NIC Service) - c:\windows\system32\packethsvc.exe <Not Verified; America Online, Inc.; America Online>

S2 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S3 CaCCProvSP - "c:\program files\ca\etrust internet security suite\ccprovsp.exe" (file missing)
S3 LiveUpdate - "c:\progra~1\symantec\liveup~1\lucoms~1.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: SMC EZ Card 10/100 (SMC1244TX V2)
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_EC021113&REV_11\4&24AB0D93&0&50F0
Manufacturer: SMC
Name: SMC EZ Card 10/100 (SMC1244TX V2)
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_EC021113&REV_11\4&24AB0D93&0&50F0
Service: FastNIC


-- Files created between 2007-07-08 and 2007-08-08 -----------------------------

2007-08-07 21:20:06 0 dr-h----- C:\Documents and Settings\Tim\Recent
2007-08-07 15:47:04 0 d-------- C:\WINDOWS\LastGood
2007-08-04 19:31:03 0 d-------- C:\Program Files\RegistryPatrol3.0
2007-08-04 14:51:58 3488365 --a------ C:\Program Files\RegistryPatrolSetup.exe
2007-08-03 18:09:00 18176512 --a------ C:\Program Files\aaw2007.exe
2007-08-02 21:57:46 0 d-------- C:\Program Files\MSXML 6.0
2007-07-31 08:46:45 0 d-------- C:\Program Files\Panda Security
2007-07-31 08:11:40 0 d-------- C:\Documents and Settings\Tim\Pavark
2007-07-31 08:09:58 744339 --a------ C:\Program Files\PAVARK.exe
2007-07-31 07:16:53 1020640 --a------ C:\Program Files\antirootkit.exe
2007-07-28 00:03:06 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-07-28 00:01:44 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-28 00:01:42 0 d-------- C:\Documents and Settings\Tim\Application Data\SUPERAntiSpyware.com
2007-07-26 23:03:18 0 d------c- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-07-26 23:01:16 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2007-07-26 23:01:16 0 dr-h---c- C:\Documents and Settings\Administrator\Recent
2007-07-26 23:01:16 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2007-07-26 23:01:16 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2007-07-26 23:01:16 0 dr-----c- C:\Documents and Settings\Administrator\My Documents
2007-07-26 23:01:16 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2007-07-26 23:01:16 0 dr-----c- C:\Documents and Settings\Administrator\Favorites
2007-07-26 23:01:16 0 d------c- C:\Documents and Settings\Administrator\Desktop
2007-07-26 23:01:16 0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
2007-07-26 23:01:16 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2007-07-26 23:01:16 0 d------c- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-07-26 23:01:16 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-07-26 23:01:16 0 d------c- C:\Documents and Settings\Administrator\Application Data\Identities
2007-07-26 23:01:15 0 d------c- C:\Documents and Settings\Administrator\WINDOWS
2007-07-26 23:01:15 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2007-07-26 23:01:15 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2007-07-26 23:01:14 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-07-26 22:39:36 0 d-------- C:\Documents and Settings\Tim\Application Data\Grisoft
2007-07-26 18:43:55 0 d-------- C:\Documents and Settings\Tim\Application Data\MSN6
2007-07-26 00:46:43 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-26 0049 50688 --a------ C:\Program Files\ATF_Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
2007-07-23 20:16:06 0 d-------- C:\Documents and Settings\Tim\Application Data\VersionTracker Pro
2007-07-23 19:47:02 118784 --a------ C:\Program Files\udc.exe <Not Verified; filehippo.com; filehippo.com update client>
2007-07-23 17:56:17 0 d-------- C:\Program Files\ZillaSoft.ws
2007-07-23 17:53:48 1030557 --a------ C:\Program Files\zca.exe <Not Verified; ZillaSoft, Inc.; >
2007-07-23 17:36:11 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-07-19 14:52:05 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-19 14:47:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-14 11:52:13 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-07-13 23:08:17 0 d-------- C:\Program Files\Trend Micro
2007-07-10 14:39:19 0 d-------- C:\Program Files\Common Files\xing shared
2007-07-08 18:34:23 0 d------c- C:\Documents and Settings\All Users\Application Data\America Online


-- Find3M Report ---------------------------------------------------------------

2007-08-08 00:28:50 0 d-------- C:\Documents and Settings\Tim\Application Data\AVG7
2007-08-07 22:33:28 0 d-------- C:\Program Files\wmconnect
2007-08-07 16:42:27 0 d-------- C:\Program Files\Zilla Data Nuker
2007-08-07 15:56:59 0 d-------- C:\Program Files\CallWave
2007-08-06 12:07:09 0 d-------- C:\Program Files\Lavasoft
2007-08-06 10:13:50 0 d-------- C:\Program Files\SpywareBlaster
2007-08-05 00:03:48 0 d-------- C:\Program Files\Java
2007-07-30 12:11:58 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer
2007-07-28 14:05:20 0 d-------- C:\Program Files\PC Inspector File Recovery
2007-07-23 19:34:01 0 d-------- C:\Program Files\Trillian
2007-07-19 14:51:57 0 d-------- C:\Documents and Settings\Tim\Application Data\Lavasoft
2007-07-19 14:47:13 0 d-a------ C:\Program Files\Common Files
2007-07-18 12:11:20 38567 --a------ C:\WINDOWS\system32\pcpbios.exe
2007-07-17 13:26:08 103304 --a------ C:\Documents and Settings\Tim\Application Data\GDIPFONTCACHEV1.DAT
2007-07-14 11:45:58 0 d-------- C:\Program Files\Setup NetZero
2007-07-10 14:44:02 0 d-------- C:\Documents and Settings\Tim\Application Data\Real
2007-07-10 14:38:49 0 d-------- C:\Program Files\Common Files\Real
2007-07-06 08:09:26 0 d-------- C:\Program Files\webInstaller
2007-07-05 20:05:00 0 d-------- C:\Documents and Settings\Tim\Application Data\Viewpoint
2007-07-05 15:08:34 0 d-------- C:\Program Files\Microsoft Malicious Tool Remover
2007-07-05 10:36:01 9953 --a------ C:\Program Files\hijackthis.log
2007-07-01 01:54:22 0 d-------- C:\Program Files\MSBuild
2007-07-01 01:36:35 0 d-------- C:\Program Files\Reference Assemblies
2007-06-30 22:30:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-24 22:54:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-24 22:42:04 0 d-------- C:\Program Files\TightVNC
2007-06-23 03:17:23 0 d-------- C:\Program Files\CONEXANT
2007-06-23 01:42:10 0 d-------- C:\Program Files\Canon
2007-06-21 23:08:29 0 d-------- C:\Documents and Settings\Tim\Application Data\WinRAR
2007-06-14 02:23:47 0 d-------- C:\Program Files\CCleaner


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 07:34 PM]
"RemoteControl"="C:\WINDOWS\System32\rmctrl.exe" [11/09/2001 09:17 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 11:41 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 04:52 PM]
"PCDRealtime"="C:\WINDOWS\realtime.exe" [08/29/2004 01:07 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [09/11/2006 04:40 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/11/2006 04:40 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/17/2002 07:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/17/2002 07:45 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/10/2007 08:58 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/10/2007 02:36 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\Tim\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 8:31:16 AM]
PowerReg Scheduler.exe [10/7/2006 5:47:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CallWave.lnk - C:\Program Files\CallWave\IAM.exe [7/17/2005 2:13:36 AM]
DESKTOP.INI [11/15/2001 8:31:16 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 654 PM]
Netscape Connect Tray Icon.lnk - C:\Program Files\wmconnect\wmtray.exe [8/18/2005 7:25:42 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-08-08 at 00:37:50 ---------
Attached Files
File Type: txt extra.txt (13.7 KB, 1 views)