August 1st, 2008, 10:01 AM
WayneWhitty
Main.txt Part 2

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080731-102459-356 O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnKdArp.dll,#1
backup-20080731-102521-496 O2 - BHO: (no name) - {F1079574-5D98-4990-9ECB-36AE259CB2C8} - C:\Windows\system32\opnKdArp.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcuWVSSchedulerv5 (Acunetix WVS Scheduler v5) - "c:\program files\acunetix\web vulnerability scanner 5\wvsscheduler.exe" <Not Verified; Acunetix Ltd.; Acunetix Vulnerability Editor>
R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>

S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia N95 8GB
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95 8GB
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-31 10:04:51 0 d-------- C:\Program Files\Trend Micro
2008-07-31 09:11:19 36352 --a------ C:\Windows\system32\opnKdArp.dll
2008-07-30 17:58:31 36352 --a------ C:\Windows\system32\mlJyxWoL.dll
2008-07-30 17:29:11 0 --a------ C:\Windows\system32\ssqPfcaY.dll
2008-07-30 17:07:50 89600 --a------ C:\Windows\system32\kkqloapl.dll
2008-07-30 17:07:05 388122 --ahs---- C:\Windows\system32\wFehNXyb.ini2
2008-07-29 17:40:55 0 d-------- C:\cygwin
2008-07-28 17:47:36 770048 --a------ C:\Windows\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-07-28 17:47:35 532480 --a------ C:\Windows\system32\CddbPlaylist2Sony.dll <Not Verified; ; CddbPlaylist2 Module>
2008-07-28 17:47:35 589824 --a------ C:\Windows\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2008-07-28 17:47:35 73728 --a------ C:\Windows\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2008-07-28 17:47:34 655360 --a------ C:\Windows\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2008-07-28 17:40:29 0 d-------- C:\Users\All Users\Sony Corporation
2008-07-28 17:34:44 0 d-a------ C:\Users\All Users\TEMP
2008-07-28 17:34:44 0 d-------- C:\Program Files\Sony
2008-07-28 17:34:42 0 d-------- C:\Windows\system32\Iosubsys
2008-07-28 17:31:25 0 d-------- C:\Program Files\Common Files\Sony Shared
2008-07-24 11:08:54 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-24 10:59:52 345 --ahs---- C:\Windows\system32\tCccfNpo.ini2
2008-07-24 10:07:02 0 d--h----- C:\$AVG8.VAULT$
2008-07-24 09:35:05 80384 --a------ C:\Windows\system32\kkarmaeg.dll
2008-07-24 09:34:25 91136 --a------ C:\Windows\system32\yahnycba.dll
2008-07-24 09:29:03 392743 --ahs---- C:\Windows\system32\hQWxyyxx.ini2
2008-07-24 09:23:45 0 d-------- C:\Users\All Users\avg8
2008-07-24 09:23:45 0 d-------- C:\Program Files\AVG
2008-07-23 16:11:15 0 d-------- C:\Program Files\0x90.org
2008-07-23 12:09:34 345 --ahs---- C:\Windows\system32\cLkSAJjl.ini2
2008-07-23 12:04:15 36352 --a------ C:\Windows\system32\rqRJCVMd.dll
2008-07-23 09:51:44 0 d-------- C:\Users\myhorse\AcunetixScanner
2008-07-23 09:51:23 0 d-------- C:\Program Files\Acunetix
2008-07-21 09:49:47 0 d-------- C:\Windows\pss
2008-07-21 09:17:39 0 d-------- C:\Users\All Users\Lavasoft
2008-07-17 13:36:43 0 d-------- C:\Program Files\TeamViewer3
2008-07-17 13:36:28 0 d-------- C:\Users\myhorse\temp
2008-07-17 12:47:22 0 d-------- C:\Program Files\UltraVNC
2008-07-17 11:58:42 0 d-------- C:\Program Files\RealVNC
2008-07-17 09:45:26 58904 --a------ C:\Windows\system32\sysfolderazipcnt.dll
2008-07-17 09:45:26 58904 --a------ C:\Windows\system32\azipcontmn.dll
2008-07-17 09:45:23 0 d-------- C:\Program Files\AlphaZIP
2008-07-14 15:24:11 0 d-------- C:\Users\All Users\Nokia
2008-07-14 15:24:09 0 d-------- C:\Program Files\Common Files\Nokia
2008-07-14 15:23:14 0 d-------- C:\Users\All Users\PC Suite
2008-07-14 15:21:45 0 d-------- C:\Program Files\Common Files\PCSuite
2008-07-14 15:14:12 0 d-------- C:\Program Files\PC Connectivity Solution
2008-07-14 15:10:40 90624 --a------ C:\Windows\system32\nmwcdcls.dll <Not Verified; Nokia; >
2008-07-14 15:10:40 0 d-------- C:\Program Files\Nokia


-- Find3M Report ---------------------------------------------------------------

2008-08-01 09:50:00 0 d-------- C:\Users\myhorse\AppData\Roaming\Skype
2008-08-01 08:02:55 0 d-------- C:\Users\myhorse\AppData\Roaming\skypePM
2008-07-31 09:18:29 0 d-------- C:\Program Files\PHP Editor
2008-07-31 08:58:41 0 d-------- C:\Program Files\activePDF
2008-07-31 08:56:40 0 d-------- C:\Program Files\Common Files
2008-07-30 11:44:59 0 d-------- C:\Users\myhorse\AppData\Roaming\LimeWire
2008-07-28 17:48:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 17:31:27 0 d-------- C:\Users\myhorse\AppData\Roaming\Sony Corporation
2008-07-23 10:24:29 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-21 11:00:44 0 d-------- C:\Users\myhorse\AppData\Roaming\Opera
2008-07-17 13:42:39 0 d-------- C:\Users\myhorse\AppData\Roaming\Adobe
2008-07-17 13:36:47 0 d-------- C:\Users\myhorse\AppData\Roaming\TeamViewer
2008-07-17 11:18:25 0 d-------- C:\Users\myhorse\AppData\Roaming\WinRAR
2008-07-14 15:26:01 0 d-------- C:\Users\myhorse\AppData\Roaming\Nokia
2008-07-14 15:23:19 0 d-------- C:\Users\myhorse\AppData\Roaming\PC Suite
2008-07-10 03:09:16 174 --ahs---- C:\Program Files\desktop.ini
2008-07-10 03:00:55 0 d-------- C:\Program Files\Windows Mail
2008-06-26 15:28:09 0 d-------- C:\Program Files\Google
2008-06-25 11:05:13 1160 --a------ C:\Windows\mozver.dat
2008-06-23 16:25:36 0 d-------- C:\Users\myhorse\AppData\Roaming\Macromedia
2008-06-17 14:56:33 0 d-------- C:\Program Files\Macromedia
2008-06-17 14:53:36 0 d-------- C:\Program Files\Common Files\Macromedia
2008-06-17 09:10:06 0 d-------- C:\Program Files\ubcam
2008-06-16 17:53:54 0 d-------- C:\Program Files\Softland
2008-06-16 14:16:19 0 d-------- C:\Program Files\Apache Software Foundation
2008-06-13 15:01:52 4874301 --a------ C:\Windows\system32\php5ts.dll <Not Verified; The PHP Group; PHP Script Interpreter>
2008-06-13 15:01:47 2076672 --a------ C:\Windows\system32\libmysql.dll
2008-06-13 13:03:55 0 --a------ C:\Windows\nsreg.dat
2008-06-13 13:03:49 0 d-------- C:\Users\myhorse\AppData\Roaming\Mozilla
2008-06-13 11:22:04 56 --ah----- C:\Windows\system32\ezsidmv.dat
2008-06-13 10:49:13 0 d-------- C:\Users\myhorse\AppData\Roaming\Google
2008-06-13 10:33:55 0 d-------- C:\Program Files\Skype
2008-06-13 10:33:53 0 d-------- C:\Program Files\Common Files\Skype
2008-06-13 09:25:02 0 d-------- C:\Users\myhorse\AppData\Roaming\SmartFTP
2008-06-13 09:24:35 0 d-------- C:\Program Files\SmartFTP Client
2008-06-13 09:23:29 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-06-13 09:17:20 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B0D465E-FC29-4634-88E7-E31D01518F4D}]
C:\Windows\system32\byXNheFw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3D076D7-6BD4-4D39-81B2-09A26EB4C3F4}]
C:\Windows\system32\xxyyxWQh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F1079574-5D98-4990-9ECB-36AE259CB2C8}]
23/07/2008 12:04 36352 --a------ C:\Windows\system32\opnKdArp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 19:50]
"RtHDVCpl"="RtHDVCpl.exe" [14/05/2007 10:03 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [05/08/2007 12:10]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03/10/2006 11:37]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05/11/2006 11:22]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [20/10/2006 17:23]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [15/11/2007 10:24]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [14/12/2004 02:12]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 18:58]
"74fdad2d"="C:\Windows\system32\kkarmaeg.dll" [24/07/2008 09:35]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [03/10/2006 11:35]
"BM77ce9eb1"="C:\Windows\system32\kkqloapl.dll " [30/07/2008 17:07]
"MSServer"="C:\Windows\system32\opnKdArp.dll" [23/07/2008 12:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 12:09]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [30/05/2008 15:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:34]

C:\Users\myhorse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Apache\bin\ApacheMonitor.exe [18/01/2008 00:38:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F1079574-5D98-4990-9ECB-36AE259CB2C8}"= C:\Windows\system32\opnKdArp.dll [23/07/2008 12:04 36352]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\byXNheFw

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
"C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ubcam]
"C:\Program Files\ubcam\ubcam_gui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-01 09:58:24 ------------