05-27-2008, 05:23 PM   #5
Larry
Join Date: May 2003
Posts: 1,797

Re: hijack log and my questions...

-- HijackThis Fixed Entries (D:\delete\backups\) -------------------------------
backup-20080514-123416-587 O1 - Hosts: HP49824F HP001CC449824F
backup-20080515-083039-285 O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
backup-20080515-083039-505 O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
backup-20080515-083039-680 O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
backup-20080515-083039-838 O4 - HKLM\..\Run: [DNS7reminder] "D:\Program Files\Program\ereg.exe" -r "D:\Program Files\Program\ereg.ini"
backup-20080519-135059-677 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
backup-20080523-084722-519 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
backup-20080523-084722-593 O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
backup-20080523-084722-614 O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgfws8.exe
backup-20080523-084722-813 O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
backup-20080523-084833-162 O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgfws8.exe
backup-20080523-084833-214 O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - jsfile - DefaultIcon - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin Discrete>
R3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 PTproct - c:\program files\dellautomatedpctuneup\gtaction\triggers\ptproct.sys <Not Verified; Gteko Ltd.; processt>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirMailService (Avira Premium Security Suite MailGuard) - "d:\avira\avira premium security suite\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AntiVirScheduler (Avira Premium Security Suite Scheduler) - "d:\avira\avira premium security suite\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 antivirwebservice (Avira Premium Security Suite WebGuard) - "d:\avira\avira premium security suite\avwebgrd.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AVEService (Avira Premium Security Suite MailGuard helper service) - "d:\avira\avira premium security suite\avesvc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
S3 bepldr (BCL easyPDF SDK 5 Loader) - "c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe" <Not Verified; ; bepldr Module>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0000
Manufacturer: Grisoft
Name: Microsoft TV/Video Connection - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0000
Service: Avgfwdx
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0001
Manufacturer: Grisoft
Name: Intel(R) 82562V-2 10/100 Network Connection - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0001
Service: Avgfwdx
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0002
Manufacturer: Grisoft
Name: WAN Miniport (IP) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0002
Service: Avgfwdx

-- Files created between 2008-04-27 and 2008-05-27 -----------------------------
2008-05-23 11:47:50 0 d-------- C:\WINDOWS\Prefetch
2008-05-23 11:41:33 0 d-------- C:\WINDOWS\system32\scripting
2008-05-23 11:41:33 0 d-------- C:\WINDOWS\l2schemas
2008-05-23 11:41:32 0 d-------- C:\WINDOWS\system32\en
2008-05-23 11:41:32 0 d-------- C:\WINDOWS\system32\bits
2008-05-23 11:38:55 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-23 10:18:00 0 d-------- C:\Documents and Settings\pc\Application Data\OfficeUpdate12
2008-05-23 10:17:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-23 08:50:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-22 21:27:59 0 d-------- C:\Documents and Settings\pc\Application Data\MiniDm
2008-05-22 21:12:11 0 d-------- C:\Documents and Settings\pc\Application Data\IEPro
2008-05-17 13:37:41 0 d-------- C:\Documents and Settings\pc\Application Data\StomperScrutinizer.80D30D081DF260F3E4CECC0C2A6ADDA2F74D545F.1
2008-05-17 13:37:37 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-16 08:32:27 0 dr-h----- C:\Documents and Settings\pc\Recent
2008-05-13 23:07:20 0 d-------- C:\Documents and Settings\pc\Application Data\Avira
2008-05-13 21:42:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-13 15:44:43 0 d-------- C:\Documents and Settings\pc\.housecall6.6
2008-05-08 16:30:23 0 d-------- C:\MDT
2008-05-08 16:29:56 0 d-------- C:\Documents and Settings\pc\Application Data\CyberLink
2008-05-08 16:29:56 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-30 22:43:34 2913 --a------ C:\Documents and Settings\pc\Application Data\SAS7_000.DAT
2008-04-30 21:49:39 0 d-------- C:\Documents and Settings\pc\Application Data\Nuance
2008-04-30 21:46:03 0 d-------- C:\Program Files\Common Files\Scansoft Shared
2008-04-30 21:46:03 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-04-30 21:45:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Nuance
2008-04-30 21:45:34 0 d-------- C:\WINDOWS\speech

-- Find3M Report ---------------------------------------------------------------
2008-05-27 15:06:32 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2008-05-27 15:06:32 53248 --a------ C:\WINDOWS\system32\Kdfhok.dll <Not Verified; Kings Information & Network; Kings kdfhok>
2008-05-27 15:06:32 77824 --a------ C:\WINDOWS\system32\kdfapi.dll <Not Verified; Kings Information & Network; lab kdfapi>
2008-05-26 13:41:41 0 d-------- C:\Documents and Settings\pc\Application Data\BitZipper
2008-05-23 11:41:59 0 d-------- C:\Program Files\Messenger
2008-05-23 11:41:32 0 d-------- C:\Program Files\Movie Maker
2008-05-23 11:38:36 0 d-------- C:\Program Files\Windows NT
2008-05-23 10:29:28 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-20 08:57:02 0 d-------- C:\Program Files\Google
2008-05-17 13:37:37 0 d-------- C:\Program Files\Common Files
2008-05-17 13:37:01 0 d-------- C:\Documents and Settings\pc\Application Data\Adobe
2008-04-16 19:56:46 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2008-04-04 00:45:46 0 d-------- C:\Documents and Settings\pc\Application Data\Google
2008-04-02 03:22:05 0 d-------- C:\Documents and Settings\pc\Application Data\Skype
2008-04-02 01:09:06 0 d-------- C:\Documents and Settings\pc\Application Data\skypePM
2008-03-28 16:51:46 0 d-------- C:\Documents and Settings\pc\Application Data\Roxio
2008-03-28 14:23:04 0 d-------- C:\Documents and Settings\pc\Application Data\HP
2008-03-28 10:51:19 0 d-------- C:\Documents and Settings\pc\Application Data\webex
2008-03-28 10:51:12 0 d-------- C:\Program Files\WebEx
2008-03-27 08:48:19 0 d-------- C:\Program Files\HP
2008-03-07 14:17:28 157 --a------ C:\Program Files\INSTALL.LOG

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1656CCA-D2EA-4A32-94AE-AE0B180E6449}]
09/16/2007 09:21 AM 103760 --a------ D:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/09/2007 03:02 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"RTHDCPL"="RTHDCPL.EXE" [07/22/2007 03:27 PM C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [07/22/2007 03:27 PM C:\WINDOWS\ALCMTR.EXE]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 04:15 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 04:15 PM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 05:23 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/13/2008 02:48 PM]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [05/24/2007 07:03 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"UfSeAgnt.exe"="D:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [02/16/2008 12:56 AM]
"Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 08:54 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 05:40 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 04:00 PM]
"avgnt"="D:\Avira\Avira Premium Security Suite\avgnt.exe" [02/12/2008 10:06 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 09:23 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 07:12 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 09:23 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 5:21:22 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll 03/19/2008 02:03 PM 45368 C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e3e08f3-1b80-11dd-95c8-001d09855136}]
AutoRun\command- G:\system\viewer\FlipVideoforPC.exe
Flip Video for PC\command- G:\system\viewer\FlipVideoforPC.exe


-- End of Deckard's System Scanner: finished at 2008-05-27 16:00:58 ------------