Hi,
Just a few hours ago WinPatrol alerted me that something was trying to change my HOSTS file, but I declined the permission. Shortly after, I was booted from my Gmail account while I was reading my emails. It said that someone had logged in from a different location.
Also, this past week my fan has been acting really weird; it started making a lot of noise, like the fan speed tripled or something. I have scanned my computer with the SpyBot and AVG scanners and everything came up clean.
Any help would be much appreciated.
Thank you,
Julie
Deckard's System Scanner v20071014.68
Run by RemyXO on 2008-06-12 08:58:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as RemyXO.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:48 AM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\RemyXO\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\RemyXO.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 130.49.221.40:3127
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Logitech SetPoint Event Manager (UNICODE)] C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/RemyXO/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 7746 bytes
-- Files created between 2008-05-12 and 2008-06-12 -----------------------------
2008-06-12 08:07:24 0 d-------- C:\Program Files\SpywareBlaster
2008-06-12 07:55:16 0 d-------- C:\Program Files\Panda Security
2008-06-08 23:36:52 0 d--h----- C:\$AVG8.VAULT$
2008-06-08 23:35:13 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-08 23:35:04 0 d-------- C:\Program Files\AVG
2008-06-08 23:35:03 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-08 11:44:56 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-06-07 06:58:55 0 d-------- C:\Documents and Settings\RemyXO\Application Data\Thinstall
2008-06-07 06:45:23 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Thinstall
2008-06-07 06:41:16 0 d-------- C:\Documents and Settings\Project Recover\Application Data\.BitTornado
2008-06-07 06:29:05 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Adobe
2008-06-07 06:25:00 0 d-------- C:\Program Files\RegCure
2008-06-07 06:15:10 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Macromedia
2008-06-07 05:47:10 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Mozilla
2008-06-07 05:39:47 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Google
2008-06-06 04:12:05 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Ipswitch
2008-06-06 04:11:03 0 d-------- C:\Documents and Settings\Project Recover\Application Data\WinPatrol
2008-06-06 04:11:03 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Logitech
2008-06-06 04:10:31 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Jasc Software Inc
2008-06-06 04:10:31 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Identities
2008-06-06 04:10:31 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Gtek
2008-06-06 04:10:31 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Creative
2008-06-06 04:10:30 0 d--h----- C:\Documents and Settings\Project Recover\Templates
2008-06-06 04:10:30 0 dr------- C:\Documents and Settings\Project Recover\Start Menu
2008-06-06 04:10:30 0 dr-h----- C:\Documents and Settings\Project Recover\SendTo
2008-06-06 04:10:30 0 dr-h----- C:\Documents and Settings\Project Recover\Recent
2008-06-06 04:10:30 0 d--h----- C:\Documents and Settings\Project Recover\PrintHood
2008-06-06 04:10:30 2621440 --ah----- C:\Documents and Settings\Project Recover\NTUSER.DAT
2008-06-06 04:10:30 0 d--h----- C:\Documents and Settings\Project Recover\NetHood
2008-06-06 04:10:30 0 dr------- C:\Documents and Settings\Project Recover\My Documents
2008-06-06 04:10:30 0 d--h----- C:\Documents and Settings\Project Recover\Local Settings
2008-06-06 04:10:30 0 dr------- C:\Documents and Settings\Project Recover\Favorites
2008-06-06 04:10:30 0 d-------- C:\Documents and Settings\Project Recover\Desktop
2008-06-06 04:10:30 0 d--hs---- C:\Documents and Settings\Project Recover\Cookies
2008-06-06 04:10:30 0 dr-h----- C:\Documents and Settings\Project Recover\Application Data
2008-06-06 04:10:30 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Symantec
2008-06-06 04:10:30 0 d-------- C:\Documents and Settings\Project Recover\Application Data\Sun
2008-06-06 04:10:30 0 d---s---- C:\Documents and Settings\Project Recover\Application Data\Microsoft
2008-06-05 08:36:04 0 d-------- C:\Program Files\PHP
2008-05-30 03:30:38 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-30 03:01:11 0 d-------- C:\Program Files\BitTornado
2008-05-30 02:57:42 0 d-------- C:\Documents and Settings\RemyXO\Application Data\DAEMON Tools
2008-05-25 23:39:45 0 d-------- C:\Program Files\Bonjour
2008-05-25 23:26:23 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-24 03:43:42 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-05-24 03:43:42 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-05-24 03:43:41 0 d-------- C:\Program Files\Cheat Engine
2008-05-13 12:20:05 0 d-------- C:\Documents and Settings\RemyXO\Logs
-- Find3M Report ---------------------------------------------------------------
2008-06-12 08:31:12 0 d-------- C:\Program Files\Common Files
2008-06-12 08:06:18 0 d-------- C:\Program Files\Trend Micro
2008-06-12 07:46:00 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-12 07:26:44 0 d-------- C:\Program Files\Google
2008-06-12 06:08:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-12 06:05:24 0 d-------- C:\Program Files\Apple Software Update
2008-06-12 05:49:32 0 d-------- C:\Program Files\AeroTags TagsLock PRO
2008-06-12 05:45:38 0 d-------- C:\Documents and Settings\RemyXO\Application Data\Adobe
2008-06-12 04:57:30 2516 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-11 02:44:04 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-06-10 11:24:57 0 d-------- C:\Program Files\SpeedFan
2008-06-09 02:22:39 0 d-------- C:\Program Files\World of Warcraft
2008-06-04 04:47:59 0 d-------- C:\Program Files\PokerStars
2008-05-27 17:55:33 0 d-------- C:\Documents and Settings\RemyXO\Application Data\Canon
2008-05-25 23:46:17 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 13:01:07 0 d-------- C:\Documents and Settings\RemyXO\Application Data\Uniblue
2008-05-04 12:57:16 0 d-------- C:\Program Files\Sonic
2008-05-04 12:55:56 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-12 07:21:36 0 d-------- C:\Program Files\MSECache
2008-03-25 23:59:48 28513 --a------ C:\logfile
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/10/2004 05:04 AM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [06/16/2005 07:25 PM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 01:00 PM]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe" [11/15/2005 02:50 PM]
"Logitech SetPoint Event Manager (UNICODE)"="C:\Program Files\Logitech\SetPoint\SetPoint.exe" [08/04/2005 02:42 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/22/2005 11:25 PM C:\WINDOWS\KHALMNPR.Exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/08/2008 11:35 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [03/13/2008 11:11 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [11/01/2007 07:54 PM]
"AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" [01/29/2007 11:57 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [02/03/2004 01:42 AM]
"@"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [10/9/2007 3:13:26 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
"C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
-- End of Deckard's System Scanner: finished at 2008-06-12 08:59:56 ------------