Status
Not open for further replies.
About 5 months ago, my Warcraft account was hacked. I formatted my hard drive, regained control of the account (with many things missing) and went on playing. Again, my account password was changed. At this point, it is happening constantly. I don't know what it is that I am doing where I keep getting this keylogger, but I'd like to remove it and prevent it from coming back.

Also, Windows takes nearly 5 minutes to start whenever it is turned off and back on now. I use a P2P program called Fast Torrent for downloading things such as movies off warcraftmovies.com, but not game cracks, theatrical movies, whatever.

At this point, I don't know if the keylogger is still on my computer, but I haven't attempted to log into anything worth stealing in a while either. This is my first time posting information like this. Let me know if I am missing anything important.

Deckard's System Scanner v20071014.68
Run by Mookie on 2008-06-09 13:07:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
101: 2008-06-09 17:07:21 UTC - RP101 - Deckard's System Scanner Restore Point
100: 2008-06-09 16:32:34 UTC - RP100 - System Checkpoint
99: 2008-06-08 09:45:13 UTC - RP99 - System Checkpoint
98: 2008-06-07 01:57:41 UTC - RP98 - System Checkpoint
97: 2008-06-05 22:28:22 UTC - RP97 - System Checkpoint


-- First Restore Point --
1: 2008-03-22 07:56:11 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mookie.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:48 PM, on 6/9/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\DOCUME~1\Mookie\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Mookie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mookie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\System32\dwabho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\Mookie\My Documents\i-hate-keyloggers.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1208359691543
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208359684075
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://mercury.pfeiffer.edu/dwa7W.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServerTime - Unknown owner - C:\DOCUME~1\Mookie\LOCALS~1\Temp\svchost.exe (file missing)
O23 - Service: SnoopFree Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe

--
End of file - 4946 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080602-213708-573 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 SnoopFree (SnoopFree Driver) - c:\windows\system32\drivers\snopfree.sys

S0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 GMSIPCI - h:\install\gmsipci.sys (file missing)
S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
S3 ip6fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
S3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
S3 o1394bul - c:\docume~1\mookie\locals~1\temp\o1394bul.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ServerTime - c:\docume~1\mookie\locals~1\temp\svchost.exe (file missing)
R2 SnoopFreeSvc (SnoopFree Service) - system32\snoopfreesvc.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_CB8410DE&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_CB8410DE&REV_A3\3&2411E6FE&0&11
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Manufacturer: Nvidia
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&319866BE&0&01
Service: NVENETFD

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: A66L5S0S IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: A66L5S0S IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: axkje6zn

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft System Management BIOS Driver
Device ID: ROOT\SYSTEM\0002
Manufacturer: (Standard system devices)
Name: Microsoft System Management BIOS Driver
PNP Device ID: ROOT\SYSTEM\0002
Service: mssmbios


-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

2008-06-09 13:04:03 0 d-------- C:\ie-spyad_zo
2008-06-09 12:59:47 0 d-------- C:\Program Files\Panda Security
2008-06-08 15:40:22 90112 --a------ C:\WINDOWS\System32\SnoopFreeSvc.exe
2008-06-08 15:40:22 9472 --a------ C:\WINDOWS\System32\drivers\SnopFree.sys
2008-06-08 15:40:22 221184 --a------ C:\WINDOWS\SnoopFreeUI.exe <Not Verified; SnoopFree Software; SnoopFree Privacy Shield>
2008-06-08 15:40:22 45056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2008-06-08 06:15:10 0 d-------- C:\Program Files\World of Warcraft
2008-06-02 17:41:49 96966 --a------ C:\WINDOWS\System32\drivers\klin.dat
2008-06-02 17:41:49 88774 --a------ C:\WINDOWS\System32\drivers\klick.dat
2008-06-02 17:41:26 17440 --ahs---- C:\WINDOWS\System32\drivers\fidbox2.dat
2008-06-02 17:41:26 1985568 --ahs---- C:\WINDOWS\System32\drivers\fidbox.dat
2008-06-02 17:41:26 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-02 17:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-02 17:40:37 0 d-------- C:\kav
2008-05-30 08:50:31 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-05-30 08:49:41 593920 -----n--- C:\WINDOWS\System32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-30 08:49:08 0 d-------- C:\ATI
2008-05-29 23:47:42 0 d-------- C:\WINDOWS\Drivers
2008-05-29 23:24:24 552 --a------ C:\WINDOWS\System32\d3d8caps.dat
2008-05-29 23:24:19 0 d-------- C:\Documents and Settings\Mookie\Application Data\SystemRequirementsLab
2008-05-29 23:23:30 664 --a------ C:\WINDOWS\System32\d3d9caps.dat
2008-05-29 22:20:48 0 d------c- C:\WINDOWS\System32\DRVSTORE
2008-05-29 22:20:48 0 d-------- C:\Program Files\AMD
2008-05-29 22:20:27 0 d-------- C:\Documents and Settings\Mookie\Application Data\InstallShield
2008-05-27 14:38:47 0 d-------- C:\Program Files\Funcom
2008-05-19 15:31:39 0 d-------- C:\WINDOWS\System32\Lang
2008-05-17 15:50:03 0 d--h----- C:\WINDOWS\PIF
2008-05-15 23:20:53 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-15 08:53:48 40960 -r------- C:\WINDOWS\System32\ChCfg.exe
2008-05-15 08:53:40 294912 -r------- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-05-15 08:53:40 200704 -r------- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-05-15 08:53:11 0 d-------- C:\WINDOWS\NV2040228.TMP
2008-05-15 08:52:59 0 d-------- C:\WINDOWS\LastGood
2008-05-12 22:10:06 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-05-12 22:09:41 0 d-------- C:\NVIDIA
2008-05-12 19:20:02 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-12 19:14:22 23600 --a------ C:\WINDOWS\System32\drivers\TVICHW32.SYS <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
2008-05-11 22:59:29 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-06-09 12:50:40 0 d-------- C:\Documents and Settings\Mookie\Application Data\Fast Torrent
2008-06-08 15:44:31 40 --a------ C:\biosinfo
2008-05-30 08:49:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 23:20:53 0 d-------- C:\Program Files\Common Files
2008-05-08 00:28:58 0 d-------- C:\Documents and Settings\Mookie\Application Data\Ventrilo
2008-05-08 00:26:56 0 d-------- C:\Program Files\Ventrilo
2008-05-08 00:26:36 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 09:32:29 0 d-------- C:\Documents and Settings\Mookie\Application Data\Adobe
2008-05-06 09:31:11 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-05 21:27:21 0 d-------- C:\Program Files\WinAce
2008-05-02 11:12:50 0 d-------- C:\Program Files\Viewpoint
2008-05-02 11:03:59 102912 --a------ C:\WINDOWS\System32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-02 11:03:59 209008 --a------ C:\WINDOWS\System32\kbhookdll.dll
2008-05-02 06:16:15 0 d-------- C:\Program Files\AIM6
2008-05-02 06:10:44 0 d-------- C:\Program Files\Security Task Manager
2008-04-28 15:44:10 0 d-------- C:\Program Files\Firefly Studios
2008-04-27 11:18:47 98304 --a------ C:\WINDOWS\System32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-04-16 12:58:00 0 d-------- C:\Documents and Settings\Mookie\Application Data\DAEMON Tools
2008-04-16 11:52:38 0 d-------- C:\Program Files\Windows NT
2008-04-16 11:52:36 0 d-------- C:\Program Files\Movie Maker
2008-04-16 11:52:36 0 d-------- C:\Program Files\Messenger
2008-04-16 11:28:30 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-12 01:48:24 0 d-------- C:\Documents and Settings\Mookie\Application Data\vlc
2008-04-12 01:47:50 0 d-------- C:\Program Files\VideoLAN
2008-04-11 20:07:36 0 d-------- C:\Program Files\Fast Torrent
2008-03-22 04:28:17 0 --a----c- C:\WINDOWS\nsreg.dat
2008-03-22 03:49:38 0 -rahs---- C:\MSDOS.SYS
2008-03-22 03:49:38 0 -rahs---- C:\IO.SYS
2008-03-22 03:49:38 0 --a------ C:\CONFIG.SYS
2008-03-22 03:49:38 0 --a------ C:\AUTOEXEC.BAT
2008-03-22 03:47:29 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2008-03-21 19:41:52 62 --ahs---- C:\Documents and Settings\Mookie\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [04/21/2005 10:54 PM]
"nwiz"="nwiz.exe" [04/21/2005 10:54 PM C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\System32\sw20.exe" [06/30/2005 02:03 AM]
"SW24"="C:\WINDOWS\System32\sw24.exe" [07/04/2005 01:29 AM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [04/21/2005 10:54 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/12/2008 01:16 AM]
"SoundMan"="SOUNDMAN.EXE" [05/17/2005 10:48 PM C:\WINDOWS\SOUNDMAN.EXE]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [02/08/2008 06:36 PM]
"SnoopFreeUI"="SnoopFreeUI.exe" [06/08/2008 03:40 PM C:\WINDOWS\SnoopFreeUI.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/02/2001 11:14 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/06/2008 04:50 PM]
"I-Hate-Keyloggers"="C:\Documents and Settings\Mookie\My Documents\i-hate-keyloggers.exe" []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SNOOPFREE
*Newly Created Service* - SNOOPFREESVC



-- End of Deckard's System Scanner: finished at 2008-06-09 13:17:31 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:10 PM, on 6/9/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SnoopFreeUI.exe
C:\DOCUME~1\Mookie\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINDOWS\System32\dwabho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\Mookie\My Documents\i-hate-keyloggers.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1208359691543
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1208359684075
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://mercury.pfeiffer.edu/dwa7W.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServerTime - Unknown owner - C:\DOCUME~1\Mookie\LOCALS~1\Temp\svchost.exe
O23 - Service: SnoopFree Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe

--
End of file - 4960 bytes
 