Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

got this recently popping up. spyware secure

Started by painter1982 , Apr 19 2008 06:57 PM

  • Please log in to reply

#1
painter1982
Posted 19 April 2008 - 06:57 PM

painter1982

    Member

  • Member
  • PipPip
  • 54 posts
Deckard's System Scanner v20071014.68
Run by don on 2008-04-19 19:55:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as don.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:44 PM, on 4/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
I:\Program Files\SpywareGuard\sgmain.exe
I:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
I:\dss.exe
I:\HIJACK~1\don.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - I:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [pxiijs] c:\documents and settings\don\local settings\application data\pxiijs.exe pxiijs
O4 - HKCU\..\Run: [iswdxqnfi] c:\windows\system32\iswdxqnfi.exe iswdxqnfi
O4 - Startup: SpywareGuard.lnk = I:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201487982218
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-game...mjolauncher.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave...inematycoon.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6562 bytes

-- Files created between 2008-03-19 and 2008-04-19 -----------------------------

2008-04-18 00:40:04 0 d------c- C:\Program Files\tg games
2008-04-15 23:51:27 0 d------c- C:\Program Files\ReflexiveArcade
2008-04-15 22:59:16 1049650 --a----c- C:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
2008-04-15 22:57:05 0 d------c- C:\Program Files\Common Files\Thraex Software
2008-04-15 22:31:12 0 d------c- C:\WINDOWS\CinemaTycoonCC
2008-04-15 22:31:12 0 d------c- C:\Program Files\CinemaTycoonCC
2008-04-15 21:32:30 0 d--hs--c- C:\WINDOWS\ftpcache
2008-04-13 20:11:40 0 d------c- C:\Program Files\Common Files\INCA Shared
2008-04-13 20:11:38 4682 --a----c- C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-04-13 19:53:04 0 d--h---c- C:\Documents and Settings\don\Application Data\ijjigame
2008-04-13 19:52:39 0 d------c- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-04-13 19:48:46 0 d------c- C:\ijji
2008-04-12 00:36:17 2011136 --a----c- C:\WINDOWS\system32\XTP9510Lib.dll <Not Verified; Codejock Software; Xtreme Toolkit Pro™ Dynamic Link Library>
2008-04-10 14:33:37 0 d------c- C:\Program Files\Microsoft Works
2008-04-10 14:32:05 0 d------c- C:\Program Files\Microsoft.NET
2008-04-10 14:30:18 0 d------c- C:\Program Files\Microsoft Visual Studio 8
2008-04-10 14:29:43 0 d------c- C:\WINDOWS\SHELLNEW
2008-04-10 14:28:47 0 dr-h---c- C:\MSOCache
2008-04-10 11:47:48 0 d------c- C:\Documents and Settings\don\Application Data\KompoZer
2008-03-31 19:08:21 0 d------c- C:\WINDOWS\system32\vmm32
2008-03-31 16:21:46 0 d------c- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 15:16:49 0 d------c- C:\Documents and Settings\don\Application Data\Malwarebytes
2008-03-31 15:16:37 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-31 15:08:10 2644 --a----c- C:\WINDOWS\system32\kill.vbs
2008-03-28 17:36:08 0 d------c- C:\WINDOWS\pss
2008-03-27 23:19:59 0 d------c- C:\Program Files\Microsoft Money 2007
2008-03-26 22:12:18 0 d------c- C:\Program Files\Selfkey Systems
2008-03-23 00:28:57 0 d------c- C:\drivers
2008-03-22 23:54:32 0 d------c- C:\Program Files\Disney
2008-03-20 21:44:21 0 d------c- C:\Program Files\Common Files\DirectX
2008-03-20 19:48:39 0 d------c- C:\Documents and Settings\don\Application Data\InstallShield
2008-03-20 12:05:16 0 d------c- C:\wic
2008-03-20 11:30:01 0 d------c- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-03-20 11:29:44 0 d------c- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-19 22:43:16 0 d------c- C:\Program Files\Virtools


-- Find3M Report ---------------------------------------------------------------

2008-04-19 07:23:54 0 d------c- C:\Program Files\Common Files\Symantec Shared
2008-04-18 18:00:01 0 d------c- C:\Program Files\Norton Security Scan
2008-04-17 12:28:58 0 d------c- C:\Documents and Settings\don\Application Data\LimeWire
2008-04-15 23:58:54 0 d------c- C:\Documents and Settings\don\Application Data\Azureus
2008-04-15 22:57:05 0 d------c- C:\Program Files\Common Files
2008-04-13 19:48:45 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-04-10 14:33:26 0 d------c- C:\Program Files\MSBuild
2008-04-01 08:19:06 0 d------c- C:\Program Files\Java
2008-03-27 05:48:48 14336 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-24 00:22:25 0 d------c- C:\Documents and Settings\don\Application Data\U3
2008-03-21 06:03:03 0 d------c- C:\Documents and Settings\don\Application Data\Move Networks
2008-03-15 16:29:22 0 d------c- C:\Program Files\Kuma Games
2008-03-11 20:47:14 0 d------c- C:\Documents and Settings\don\Application Data\Macromedia
2008-03-03 21:24:26 0 d------c- C:\Documents and Settings\don\Application Data\Help
2008-03-02 16:54:12 0 d------c- C:\Documents and Settings\don\Application Data\RipIt4Me
2008-02-29 08:00:20 0 d------c- C:\Program Files\QuickTime
2008-02-27 06:54:27 0 d------c- C:\Program Files\Reference Assemblies
2008-02-27 06:53:46 0 d------c- C:\Program Files\MSXML 6.0
2008-02-27 06:53:14 0 d------c- C:\Program Files\Windows Media Connect 2
2008-02-26 18:03:28 0 d------c- C:\Documents and Settings\don\Application Data\Leadertech
2008-02-25 23:37:36 0 d------c- C:\Program Files\GameShadow
2008-02-25 23:30:32 0 d------c- C:\Program Files\OpenAL
2008-02-25 16:51:37 0 d------c- C:\Documents and Settings\don\Application Data\Adobe
2008-02-25 16:50:31 0 d------c- C:\Program Files\Common Files\Adobe
2008-02-25 11:47:33 0 d------c- C:\Program Files\Microsoft Silverlight
2008-02-23 13:20:48 0 d------c- C:\Documents and Settings\don\Application Data\Nero
2008-02-23 13:19:48 0 d------c- C:\Program Files\Common Files\Nero
2008-02-23 13:18:39 0 d------c- C:\Program Files\Nero
2008-02-14 22:19:57 679 --a----c- C:\WINDOWS\mozver.dat
2008-01-27 22:03:18 0 --a----c- C:\WINDOWS\nsreg.dat
2008-01-27 21:57:45 1324 --a----c- C:\WINDOWS\system32\d3d9caps.dat
2008-01-27 21:03:10 0 -rahs--c- C:\MSDOS.SYS
2008-01-27 21:03:10 0 -rahs--c- C:\IO.SYS
2008-01-27 21:03:10 0 --a----c- C:\CONFIG.SYS
2008-01-27 21:03:10 0 --a----c- C:\AUTOEXEC.BAT
2008-01-27 20:59:40 21640 --a----c- C:\WINDOWS\system32\emptyregdb.dat
2008-01-27 14:53:24 62 --ahs---- C:\Documents and Settings\don\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 01:37 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 09:07 AM]
"SigmatelSysTrayApp"="stsystra.exe" [08/24/2005 07:42 AM C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/29/2008 08:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"pxiijs"="c:\documents and settings\don\local settings\application data\pxiijs.exe" []
"iswdxqnfi"="c:\windows\system32\iswdxqnfi.exe" [04/18/2008 12:42 PM]

C:\Documents and Settings\don\Start Menu\Programs\Startup\
SpywareGuard.lnk - I:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^don^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=C:\Documents and Settings\don\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=C:\WINDOWS\pss\Kuma_Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^don^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\don\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"G:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ef0961e-e560-11dc-9fc0-00137214381d}]
AutoRun\command- N:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4276fbc-d357-11dc-9fb7-00137214381d}]
AutoRun\command- N:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-04-19 19:56:11 ------------
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP