12:57 AM 5/2/2008
Deckard's System Scanner v20071014.68
Run by 42 on 2008-05-02 00:56:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as 42.exe) --------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:48 AM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\42.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1173583676156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1173583668609
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 3538 bytes
-- Files created between 2008-04-02 and 2008-05-02 -----------------------------
2008-05-02 00:56:06 0 d-------- C:\Program Files\Trend Micro
2008-05-02 00:15:59 0 d-------- C:\Documents and Settings\42\Application Data\Malwarebytes
2008-05-02 00:15:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 00:15:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-02 00:06:51 68096 --a------ C:\WINDOWS\zip.exe
2008-05-02 00:06:51 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-02 00:06:51 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-02 00:06:51 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-02 00:06:51 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-02 00:06:51 98816 --a------ C:\WINDOWS\sed.exe
2008-05-02 00:06:51 80412 --a------ C:\WINDOWS\grep.exe
2008-05-02 00:06:51 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-01 23:25:07 0 d-------- C:\bintheredunthat
2008-05-01 23:20:01 0 d-------- C:\BFU
2008-05-01 23:12:32 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-05-01 23:12:32 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-05-01 23:12:32 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-05-01 23:12:32 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-05-01 23:12:31 262144 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-05-01 22:38:15 0 d-------- C:\WINDOWS\Prefetch
2008-05-01 22:35:07 0 d---s---- C:\Documents and Settings\42\Cookies
2008-05-01 22:35:05 0 dr-h----- C:\Documents and Settings\42\Recent
2008-05-01 22:15:15 7288 --a------ C:\idsuite_run.bat
2008-05-01 21:28:30 0 d-------- C:\WINDOWS\pss
2008-05-01 20:38:44 0 d-------- C:\WINDOWS\CSC
2008-05-01 15:31:27 0 d-------- C:\Documents and Settings\42\Application Data\Uniblue
2008-05-01 15:31:18 0 d-------- C:\Program Files\Uniblue
2008-05-01 15:23:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 15:23:39 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-01 15:13:33 0 d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2008-05-01 15:12:26 0 d-------- C:\Program Files\PocoMan
2008-05-01 15:12:22 0 d-------- C:\Program Files\Riven
2008-05-01 15:11:53 0 d-------- C:\Program Files\Common Files\Java
2008-05-01 15:11:52 0 d-------- C:\Program Files\Java
2008-04-25 17:35:57 0 d-------- C:\Program Files\Java(2)
2008-04-25 17:35:06 0 d-------- C:\Program Files\Common Files\Java(2)
-- Find3M Report ---------------------------------------------------------------
2008-05-01 21:00:15 0 d-------- C:\Program Files\Windows NT
2008-05-01 15:17:13 0 d-------- C:\Program Files\ffdshow
2008-05-01 15:16:08 0 d-------- C:\Documents and Settings\42\Application Data\Move Networks
2008-05-01 15:15:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-01 15:12:31 0 d-------- C:\Program Files\Apple Software Update
2008-05-01 15:11:47 0 d-------- C:\Program Files\Common Files
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/03/2004 10:10 PM]
"SoundMan"="SOUNDMAN.EXE" [02/09/2004 01:54 AM C:\WINDOWS\SOUNDMAN.EXE]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/12/2006 11:46 PM]
"HPHmon03"="C:\WINDOWS\system32\hphmon03.exe" [01/12/2006 11:46 PM]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [04/21/2006 03:42 PM]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [11/13/2007 07:03 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
*Newly Created Service* - CATCHME
-- End of Deckard's System Scanner: finished at 2008-05-02 00:57:09 ------------