| Thread ID: 63394 | 2005-11-08 05:22:00 | Short Results of HJT scan...HELP! | SurferJoe46 (51) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 402726 | 2005-11-08 05:22:00 | This is the short results from a log scan thru http://www.hijackthis.de/
C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe - Unknown
C:\Program Files\Google\Google Talk\googletalk.exe - Unknown
<ÄØ´AèíÀÙÈÉдØÀàÜ´Ñ͵ݴàÉÄÄÍå Ñô¡ A½ÍÑ1 Õ¹ =©Ð¤´¡ÑÑÀè¼½ÝÝÜȹÙɥ齸¹¹Ð½ÕÁ ѽµÍ¹Ý¥¹ ÍÑ ±°½¥¹±Õ ̽Ùé]%¹Ì¹ ´A½ÍÍ¥±ä¹ ÍÑäñȼù<Äà´Aɽѽ½ °èµÍ¹¥´´ìàÈàÀÌÁÄ´ÈÉÄ ´ÐÀÀä´àÔÑ´áÌÀÔÈÀÈÌÄÍô´éqAI=I1\MSNMESLW\ÙÜ\ [HZ\ÜÚ[ÊHHÜÜÚXH\ÝO
What have I got here? The "twain" driver is for my digital camera, and everybody knows what GoogleTalk is, so they can be ignored... but what's the other stuff? Also ignore the .dwf viewer... it is a cad reader. (O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab)
This didn't show up in the results of the scan, just when I clicked on the Save Short Results and it opened a notepad and this is what showed up... hmmmmmmmmmmmmmmmmm?
Just in case someone wants to see the whole log, here it is:
Logfile of HijackThis v1.99.1
Scan saved at 8:59:29 PM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
D:\SECURITY AREA\gcasServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\SECURITY AREA\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\SECURITY AREA\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony Handheld\Hotsync.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\SECURITY AREA\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = On Internet Explorer! Careful!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SECURI~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - D:\SECURITY AREA\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - D:\SECURITY AREA\SpoofStick\SpoofStick.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [gcasServ] "D:\SECURITY AREA\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DELUXECC] C:\WINDOWS\twain_32\SiPix\SCDeluxe\DELUXECC.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\SECURITY AREA\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113003336543
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe |
SurferJoe46 (51) | ||
| 402727 | 2005-11-08 05:33:00 | Well I hate to do Speedy Gonzales out of a job, but you might find some automated help from here (http://www.hijackthis.de/). I doubt it'll be as personal as Speedy's responses are, but it is a good place to start. Also, if you install some Windows language packs you might get a new log file in English that reveals what that gobbledygook actually reads. That's just a guess though. |
Greg (193) | ||
| 402728 | 2005-11-08 05:50:00 | Not too sure what this entry belongs to / or does. C:\Program Files\MSN\MSNCoreFiles\msn.exe - msn.exe can belong to a few worms / backdoors / trojans. Unless this is for MSN Explorer. It might be, I haven't got this installed on XP. MSN Messenger is on the other PC here (msnmsgr.exe). msn.exe isn't tho BUT I think this entry C:\Program Files\Messenger\msmsgs.exe belongs to Windows Messenger and this entry is for MSN Messenger: C:\Program Files\MSN Messenger\msnmsgr.exe |
Speedy Gonzales (78) | ||
| 402729 | 2005-11-08 23:04:00 | Well I hate to do Speedy Gonzales out of a job, but you might find some automated help from here (http://www.hijackthis.de/). I doubt it'll be as personal as Speedy's responses are, but it is a good place to start. Also, if you install some Windows language packs you might get a new log file in English that reveals what that gobbledygook actually reads. That's just a guess though. Greg... that IS the automated scanner checker I used as well as the one at IAmNotAGeek. Neither showed the results that the short results in the .de/ site did. Notice that the original results of the scan DID NOT SHOW the whatever-they-are's in that foreign language... but when I asked for the short form, that is what I saw. That was only in the .de/ site, not the IAmNotAGeek site. That's what I feel is the weird part.. it didn't show at first; then there's the strange language there. BTW: C:\Program Files\MSN\MSNCoreFiles\msn.exe is MSN Messenger 7.5 Beta, per my ISP's input. I just got off the phone with Micro$oft... and the results were dismal... I know why many people hate to deal with them. Not only do they not care about this problem, they did so in bad English. |
SurferJoe46 (51) | ||
| 402730 | 2005-11-08 23:09:00 | that's cos you got redirected to someone in India :lol: | bob_doe_nz (92) | ||
| 402731 | 2005-11-09 05:20:00 | That's not human language, and I doubt it's a programming language either. Looks like something corrupted to me. | mark c (247) | ||
| 402732 | 2005-11-09 06:39:00 | Took this out and everything's back to normal... even the boot time got well again! O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Dwf Viewer Control) - www.autodesk.com/global/dwfv...ViewerSetup.cab |
SurferJoe46 (51) | ||
| 402733 | 2005-11-09 06:41:00 | BTW: Teatimer said it was an ActiveX agent....hmmmmmmmmmmmmmmm? | SurferJoe46 (51) | ||
| 402734 | 2005-11-09 10:42:00 | TeaTimer is Spybot Search & Destroy.... | Chilling_Silence (9) | ||
| 402735 | 2005-11-09 17:15:00 | TY chill.. I know that.. but it's funny that nothing else picked up on that until I got a Teatimer card that requested permission for a registry change (deletion) with ActiveX content. Sidebar here: Why is this post not word-wrapped? |
SurferJoe46 (51) | ||