Deckard's System Scanner v20070708.52
Run by Joe Vautour on 2008-01-05 at 21:43:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Joe Vautour.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:57 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Joe Vautour\Desktop\Tools\Cascade's Stuff\EndlessOnline Player Bar.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Joe Vautour\Desktop\Virus Scanners\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOEVAU~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iceradio.us.to/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eobar] C:\Documents and Settings\Joe Vautour\Desktop\Tools\Cascade's Stuff\EndlessOnline Player Bar.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6702 bytes
-- Files created between 2007-12-05 and 2008-01-05 -----------------------------
2008-01-06 01:56:29 5505024 --a------ C:\Documents and Settings\Joe Vautour\ntuser.dat
2008-01-05 19:07:29 0 d-------- C:\Program Files\IceBot
2008-01-05 17:04:25 0 d-------- C:\WINDOWS\CSC
2008-01-05 16:41:09 0 d-------- C:\WINDOWS\vzones
2008-01-05 16:41:09 0 d-------- C:\Program Files\Accessories
2008-01-04 21:57:03 0 d-------- C:\Program Files\Bulk Rename Utility
2008-01-04 21:57:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Tarma Installer
2007-12-29 19:15:15 57344 --a------ C:\WINDOWS\system32\msql.dll
2007-12-29 19:14:54 385024 --a------ C:\WINDOWS\system32\libswish-e.dll
2007-12-29 19:14:54 2035712 --a------ C:\WINDOWS\system32\libmysql.dll
2007-12-29 19:14:54 165643 --a------ C:\WINDOWS\system32\libmhash.dll
2007-12-29 19:14:54 166912 --a------ C:\WINDOWS\system32\libmcrypt.dll
2007-12-29 19:14:31 346624 --a------ C:\WINDOWS\system32\gds32.dll <Not Verified; Inprise Corporation; InterBase Server>
2007-12-29 19:14:21 90112 --a------ C:\WINDOWS\system32\fribidi.dll <Not Verified; http://fribidi.sourceforge.net; FriBidi -- OpenSource implementation of Unicode bi-directional algorithm>
2007-12-29 19:14:21 417792 --a------ C:\WINDOWS\system32\fdftk.dll <Not Verified; Adobe Systems Incorporated; FdfTk>
2007-12-29 19:03:07 0 d-------- C:\Program Files\PHP
2007-12-29 06:25:23 0 d-------- C:\Program Files\Apache Software Foundation
2007-12-28 22:55:40 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-12-28 22:55:39 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2007-12-28 22:55:36 0 d-------- C:\Program Files\Cheat Engine
2007-12-13 12:06:48 0 d-------- C:\Documents and Settings\Joe Vautour\Application Data\Ventrilo
2007-12-13 12:06:18 0 d-------- C:\Program Files\Ventrilo
2007-12-11 21:56:30 0 d-------- C:\Program Files\Google
2007-12-11 11:46:02 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 11:44:28 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-12-11 11:44:28 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-11 11:44:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 11:44:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 11:44:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 11:44:18 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-11 11:43:44 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
-- Find3M Report ---------------------------------------------------------------
2008-01-05 19:35:25 0 d-------- C:\Program Files\Trainer Maker Kit
2008-01-05 18:55:56 0 d-------- C:\Documents and Settings\Joe Vautour\Application Data\Hamachi
2008-01-05 18:52:55 0 d-------- C:\Documents and Settings\Joe Vautour\Application Data\Xfire
2008-01-04 23:01:16 0 d-------- C:\Documents and Settings\Joe Vautour\Application Data\LimeWire
2008-01-03 21:19:37 0 d-------- C:\Documents and Settings\Joe Vautour\Application Data\IceChat
2008-01-01 22:38:26 0 d-------- C:\Program Files\FlashGet
2008-01-01 22:08:31 0 d-------- C:\Program Files\DivX
2008-01-01 21:18:09 0 d-------- C:\Program Files\LimeWire
2008-01-01 06:50:57 0 d-------- C:\Documents and Settings\Joe Vautour\Application Data\Adobe
2007-12-30 23:25:38 0 d-------- C:\Program Files\Endless-Online Remake
2007-12-24 01:05:00 0 d-------- C:\Program Files\IceChat7
2007-12-13 12:05:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-11 21:58:50 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-11 16:57:08 0 d-------- C:\Program Files\EndlessOnline27
2007-12-07 21:56:35 0 d-------- C:\Program Files\AIM6
2007-12-07 21:56:16 0 d-------- C:\Program Files\Viewpoint
2007-12-06 00:06:13 0 d-------- C:\Documents and Settings\Joe Vautour\Application Data\uTorrent
2007-12-05 03:24:46 34 --a------ C:\WINDOWS\system32\BD2040.DAT
2007-12-03 23:59:32 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-12-03 23:43:30 0 d-------- C:\Program Files\!xSpeedPro
2007-12-02 15:31:47 0 d-------- C:\Program Files\Windows Live Toolbar
2007-12-02 15:31:37 0 d-------- C:\Program Files\Windows Live Favorites
2007-11-27 07:26:11 0 d---s---- C:\Program Files\Xfire
2007-11-26 20:19:03 0 d-------- C:\Program Files\MSN Messenger
2007-11-21 13:46:47 0 d-------- C:\Program Files\EndlessOnline[Auto]
2007-11-21 12:19:46 0 d-------- C:\Program Files\EndlessOnline
2007-11-20 22:17:01 0 d-------- C:\Program Files\SwiftSwitch
2007-11-20 00:35:12 0 d-------- C:\Program Files\SCAR 3.13
2007-11-13 01:02:40 3106816 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-13 00:38:02 0 d-------- C:\Program Files\Common Files\Stardock
2007-11-13 00:38:01 0 d-------- C:\Program Files\Stardock
2007-11-13 00:28:16 0 d-------- C:\Program Files\DuoPixart
2007-11-13 00:28:15 7518952 --a------ C:\WINDOWS\system32\LK.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2007-11-13 00:19:20 0 d-------- C:\Program Files\CursorXP
2007-11-13 00:18:42 0 d-------- C:\Program Files\WinCustomize
2007-11-08 16:03:50 3284 --a------ C:\WINDOWS\system32\ANIWZCS{B59C541A-73AA-4611-B82B-70340C8F8417}
2007-10-12 22:30:40 15044 --ah----- C:\WINDOWS\system32\mlfcache.dat
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll
{F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"AlcxMonitor"="ALCXMNTR.EXE"
"LogonStudio"="\"C:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"=""
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"eobar"="C:\\Documents and Settings\\Joe Vautour\\Desktop\\Tools\\Cascade's Stuff\\EndlessOnline Player Bar.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of Deckard's System Scanner: finished at 2008-01-05 at 21:44:26 ---------