Hello.
I have a Trojan: at system startup the system starts iexplore.exe, which tries to connect to 221.228.97.117:8008.
In the beginning I remember svhost.exe was trying the same address on port 3131, alongside the iexplore.exe connecting to the host on port 8008. Now only iexplore.exe is trying; there is no more svhost.exe to host:3131. I guess I deleted something, I don't know.

It is interesting that the hostname (domain name) changes all the time ;P

Btw, I ran dss.exe for the first time when I had already killed iexplore.exe (the one run by SYSTEM).
Btw, when I kill that iexplore.exe and afterwards start iexplore.exe to browse the internet, no connection attempts are made to that host. Otherwise it tries every 1 minute. But once the iexplore.exe process run by SYSTEM is killed, there are no more attempts.

So that's why I decided to restart and run dss.exe, and now I have only the main.txt file.
So please, if you need the other txt file, let me know, and how to get it as well.

Thanks for everyone's help.


Deckard's System Scanner v20071014.68
Run by Taina on 2007-11-28 08:28:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Taina.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:38 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\MessengerLog Pro\mlserv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\srxTitan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Taina\Desktop\dss.exe
C:\DOCUME~1\Taina\Desktop\Taina.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.callertunes.com
O15 - Trusted Zone: http://support.f-secure.com
O15 - Trusted Zone: http://www.truckstop.com
O15 - Trusted Zone: http://*.truckstop.com
O15 - Trusted Zone: http://www.vonage.com
O15 - Trusted IP range: http://192.168.15.100
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6604D1ED-8FFC-4909-A247-C2664A867B29} (HttpVoicePlay Class) - http://www.callertunes.com/greeting/CBRT.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://cid-5cd3c08e4adff968.skydrive.live.com/Microsoft.Live.Folders.RichUpload.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MLServ - formessengers.com - C:\Program Files\MessengerLog Pro\mlserv.exe
O23 - Service: NATesServiceware (NATosService) - Unknown owner - C:\WINDOWS\system\svchest.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - South River Technologies, Inc. - C:\WINDOWS\system32\srxTitan.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12275 bytes

-- Files created between 2007-10-28 and 2007-11-28 -----------------------------

2008-04-22 06:13:03 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-11-21 17:52:59 0 d-------- C:\Program Files\drd32
2007-11-16 11:19:15 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-16 10:15:36 0 d-------- C:\WINDOWS\pss
2007-11-15 13:14:49 0 d-------- C:\Windump
2007-11-15 09:35:42 0 d-------- C:\Documents and Settings\Taina\Application Data\Agnitum
2007-11-15 09:34:20 0 d-------- C:\WINDOWS\system32\Filt
2007-11-15 09:34:20 0 d-------- C:\Program Files\Agnitum
2007-11-14 13:31:17 0 d-------- C:\Documents and Settings\All Users\Application Data\MessengerLog6
2007-11-14 13:31:09 0 d-------- C:\Program Files\MessengerLog Pro
2007-11-14 12:51:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2007-11-14 12:43:59 0 d-------- C:\Program Files\Dump.ru
2007-11-14 12:31:55 259584 --a------ C:\WINDOWS\system32\drivers\XHASP.sys
2007-11-14 11:04:25 0 d-------- C:\Gzips
2007-11-14 09:52:49 0 d-------- C:\Program Files\Windows Defender
2007-11-12 21:25:20 0 d-------- C:\Program Files\WinPcap
2007-11-12 19:51:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Detect
2007-11-12 15:03:17 0 d-------- C:\fsaua.data
2007-11-08 13:25:20 170000 --a------ C:\WINDOWS\system\TUTILITY.DLL
2007-11-08 13:25:20 83129 --a------ C:\WINDOWS\system\LCRYPKYD.DLL
2007-11-08 13:25:20 81920 --a------ C:\WINDOWS\system\BIVBX11.DLL <Not Verified; Borland International; VBX Emulation Library>
2007-11-08 13:25:14 0 d-------- C:\IDAPI
2007-11-08 13:25:09 0 d-------- C:\DRD
2007-11-08 13:24:18 248064 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-11-08 13:24:18 26768 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control>
2007-11-08 11:54:19 0 d-------- C:\CrypKey.6120
2007-11-08 10:53:52 659968 -r-hs---- C:\WINDOWS\system\svchest.exe
2007-11-08 08:19:37 0 d-------- C:\Documents and Settings\All Users\Application Data\South River Technologies
2007-11-08 08:15:14 0 d-------- C:\Documents and Settings\Taina\Application Data\InstallShield
2007-11-07 15:20:08 0 d-------- C:\srtFtpLogs
2007-11-07 15:20:08 0 d-------- C:\srtFtpData
2007-11-07 14:57:22 0 d--h----- C:\Documents and Settings\All Users\Application Data\Titan
2007-11-07 14:54:12 614400 --a------ C:\WINDOWS\system32\srxUiRes.dll <Not Verified; South River Technologies, Inc.; Titan FTP Server>
2007-11-07 14:54:12 3137536 --a------ C:\WINDOWS\system32\srxcom.dll <Not Verified; South River Technologies, Inc.; Titan FTP Server>
2007-11-07 14:54:12 540672 -----n--- C:\WINDOWS\system32\srsftp.dll <Not Verified; South River Technologies; srSftp library>
2007-11-07 14:54:12 659456 --a------ C:\WINDOWS\system32\srResDll.dll <Not Verified; South River Technologies; >
2007-11-07 14:54:12 1183744 --a------ C:\WINDOWS\system32\srFXResDll.dll <Not Verified; South River Technologies, Inc.; Titan FTP Server>
2007-11-07 14:54:10 3514368 --a------ C:\WINDOWS\system32\srxTitan.exe <Not Verified; South River Technologies, Inc.; Titan FTP Server>
2007-11-07 14:54:09 0 d-------- C:\Program Files\South River Technologies
2007-11-07 12:50:11 7680 --a------ C:\WINDOWS\system32\kbdBF.dll
2007-11-07 12:50:11 6416 --a------ C:\WINDOWS\system32\kbdbd.dll <Not Verified; ?????? ???????? ?????; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-07 11:45:50 0 d-------- C:\BackUp
2007-11-07 11:42:39 0 d-------- C:\Documents and Settings\Taina\Application Data\WinRAR
2007-11-06 12:22:43 0 d-------- C:\ftproot
2007-11-06 12:20:24 0 d-------- C:\Program Files\Cerberus
2007-11-06 09:26:49 0 d-------- C:\Documents and Settings\Taina\Application Data\SmartFTP
2007-11-06 09:26:29 0 d-------- C:\Program Files\SmartFTP Client
2007-11-05 09:33:32 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-05 09:25:58 0 d-------- C:\Program Files\Windows Live
2007-11-05 09:25:47 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-01 08:29:49 0 d-------- C:\Program Files\SA Dictionary 2005 T2
2007-11-01 08:29:29 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-11-01 07:27:47 0 d-------- C:\Program Files\KoralSoft


-- Find3M Report ---------------------------------------------------------------

2007-11-28 02:16:31 0 d-------- C:\Documents and Settings\Taina\Application Data\Azureus
2007-11-26 13:17:51 0 d-------- C:\Program Files\Windows Desktop Search
2007-11-26 13:16:35 0 d-------- C:\Program Files\mIRC
2007-11-26 13:03:37 0 d-------- C:\Program Files\Bonjour
2007-11-26 11:42:54 0 d-------- C:\Program Files\Microsoft Office Outlook Connector
2007-11-26 11:27:28 0 d-------- C:\Program Files\Azureus
2007-11-26 10:49:50 0 d-------- C:\Program Files\MagicISO
2007-11-20 12:25:22 4 --a------ C:\WINDOWS\vx86036.dat
2007-11-20 09:01:30 0 d-------- C:\Documents and Settings\Taina\Application Data\vusbsp
2007-11-15 09:28:37 0 d-------- C:\Program Files\FlashGet
2007-11-15 09:28:29 0 d-------- C:\Program Files\Common Files
2007-11-14 13:31:09 0 d-------- C:\Program Files\Messenger
2007-11-12 11:56:19 0 d-------- C:\Program Files\Windows Live Safety Center
2007-11-10 10:25:56 0 d-------- C:\Program Files\QuickTime
2007-11-08 11:54:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-08 00:15:59 0 d-------- C:\Program Files\SecureCRT
2007-11-07 11:47:36 0 d-------- C:\Documents and Settings\Taina\Application Data\mIRC
2007-11-05 09:42:48 0 d-------- C:\Program Files\MSN Messenger
2007-10-23 16:27:23 0 d-------- C:\Program Files\SoftIceNT
2007-10-23 15:04:53 0 d-------- C:\Program Files\NuMega
2007-10-10 17:43:56 584704 --a------ C:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>
2007-10-04 11:49:35 0 d-------- C:\Program Files\Razor
2007-10-04 11:37:30 0 d-------- C:\Program Files\EA Games
2007-10-04 11:37:02 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-04 10:10:48 0 d-------- C:\Documents and Settings\Taina\Application Data\Skype
2007-09-28 12:00:04 0 d-------- C:\Documents and Settings\Taina\Application Data\Windows Desktop Search
2007-09-28 10:25:52 0 d-------- C:\Program Files\MSECache
2007-09-28 08:49:02 0 d-------- C:\Documents and Settings\Taina\Application Data\Help
2007-09-12 12:20:55 109143 --a------ C:\WINDOWS\hpoins08.dat
2007-08-29 11:05:41 0 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/02/2004 08:03 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [11/02/2004 07:59 AM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 11:06 AM C:\WINDOWS\AGRSMMSG.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [04/22/2008 06:09 AM]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 06:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [09/21/2005 09:24 AM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [09/21/2005 02:32 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 PM C:\WINDOWS\ALCMTR.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 11:47 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 09:46 PM]
"@"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 08:16 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [11/02/2007 07:30 PM]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [11/01/2007 06:22 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [06/14/2006 11:11 PM]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [6/10/2007 3:09:14 AM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 2:40:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 02:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
aeyfoc aeyfoc
oxjjgh oxjjgh


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2704bb38-62c8-11dc-bcc3-001583022705}]
AutoRun\command- M:\Loaderw.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FE2480A7-A6F0-E0B3-F837-C49E5829BE08}]
C:\WINDOWS\system32\winddl32.exe



-- End of Deckard's System Scanner: finished at 2007-11-28 08:29:21 ------------
 