re: yahoo pages hijacked
Thursday, May 15, 2008 at 6:05 pm Windows XP Annoyances Discussion Forum
Posted by Jim Dekan
(22 messages posted)
Okay..here's the Deckard log..I will post your requested log next. I also noticed
that several of my games no longer work...the window says the .exe had been modified
Deckard's System Scanner v20071014.68
Run by dad on 2008-05-13 22:40:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as dad.exe) -------------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-13 22:41:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\system32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\WINDOWS\system32\ati2evxx.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Symantec AntiVirus\VPTray.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\WINDOWS\system32\hphmon04.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\alg.exe
D:\Documents and Settings\dad\Desktop\VR\dss.exe
D:\Documents and Settings\dad\Desktop\jimmy's utilities\HJT\dad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHUPD04] "D:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPHmon04] D:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [WMPNSCFG] D:\Program Files\Windows Media Player\WMPNSCFG.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176686382750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPH11 - HP - D:\WINDOWS\system32\hphipm11.exe
O23 - Service: SavRoam - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 5870 bytes
-- Files created between 2008-04-13 and 2008-05-13 -----------------------------
2008-05-13 20:22:20 0 d-------- D:\WINDOWS\Prefetch
2008-05-13 00:22:46 0 dr-h----- D:\Documents and Settings\dad\Recent
2008-05-06 20:45:24 0 dr------- D:\Documents and Settings\NetworkService\Favorites
2008-04-17 22:04:02 0 d-------- D:\Program Files\AC3Filter
-- Find3M Report ---------------------------------------------------------------
2008-05-13 22:20:54 0 d-------- D:\Program Files\Symantec AntiVirus
2008-05-11 19:17:38 0 d-------- D:\Documents and Settings\dad\Application Data\U3
2008-04-17 21:37:53 0 d-------- D:\Program Files\DivX
2008-04-14 23:16:36 0 d-------- D:\Documents and Settings\dad\Application Data\GARMIN
2008-04-13 16:09:27 0 d-------- D:\Program Files\Ahead
2008-04-12 19:15:14 0 d-------- D:\Documents and Settings\dad\Application Data\CoreFTP
2008-04-05 01:16:17 0 d-------- D:\Program Files\Call of Duty Game of the Year Edition
2008-03-31 15:25:48 823296 --a------ D:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 15:25:48 823296 --a------ D:\WINDOWS\system32\divx_xx07.dll
2008-03-31 15:25:46 802816 --a------ D:\WINDOWS\system32\divx_xx11.dll
2008-03-31 15:25:46 831488 --a------ D:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 15:25:46 682496 --a------ D:\WINDOWS\system32\DivX.dll
2008-03-29 18:51:19 0 d-------- D:\Program Files\MediaCoder iPhone Edition
2008-03-29 18:29:29 0 d-------- D:\Program Files\Common Files
2008-03-29 17:20:44 0 d-------- D:\Program Files\MediaCoder
2008-03-29 13:05:09 356352 --a------ D:\WINDOWS\eSellerateEngine.dll
2008-03-29 13:04:54 0 d-------- D:\Program Files\Deskshare
2008-03-29 12:39:59 0 d-------- D:\Documents and Settings\dad\Application Data\Apple Computer
2008-03-29 12:05:15 0 d-------- D:\Program Files\Safari
2008-03-29 12:04:26 0 d-------- D:\Program Files\iTunes
2008-03-29 12:04:10 0 d-------- D:\Program Files\iPod
2008-03-21 14:30:08 3596288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2008-03-21 14:28:54 196608 --a------ D:\WINDOWS\system32\dtu100.dll
2008-03-21 14:28:54 81920 --a------ D:\WINDOWS\system32\dpl100.dll
2008-03-21 14:28:20 12288 --a------ D:\WINDOWS\system32\DivXWMPExtType.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 02:10 PM D:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [09/23/2004 05:27 AM D:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 02:52 PM]
"vptray"="D:\PROGRA~1\SYMANT~1\VPTray.exe" [04/17/2005 11:30 AM]
"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [04/04/2002 02:03 PM]
"HPHUPD04"="D:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [04/04/2002 02:04 PM]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 06:42 PM]
"HPHmon04"="D:\WINDOWS\system32\hphmon04.exe" [04/04/2002 02:01 PM]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 11:35 AM]
"WMPNSCFG"="D:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdpua.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
""=
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPHmon04"=D:\WINDOWS\system32\hphmon04.exe
-- End of Deckard's System Scanner: finished at 2008-05-13 22:42:29 ------------
On Thursday, May 15, 2008 at 5:27 pm, MrCharlie wrote:
>
>Also in a separate post:
>
>Open up HJT > Open Misc. Tools Section > scroll down to "Open Uninstall Manager" > click "Save List" copy and paste it back here.
>
>MrC
>
>
>Malware Removal Specialist
>
- Written in response to:
- re: yahoo pages hijacked (MrCharlie: Thursday, May 15, 2008 at 5:27 pm)