Hijackthis log



#1
trev-gdr

This is on a friend's computer that had the Windows XP antivirus automatically installed and the wonderful background that says "you have spyware". Several popups occur in IE, even when only Firefox is running. I ran Ad-Aware as well as Norton Antivirus and these problems are still occurring.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:58 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [9c5a4bd9] rundll32.exe "C:\WINDOWS\system32\gmhjlcso.dll",b
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [lphceo6j0el6e] C:\WINDOWS\system32\lphceo6j0el6e.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZKxdm021YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5716 bytes

#2
trev-gdr

Deckard's System Scanner v20071014.68
Run by Owner on 2008-08-07 13:49:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
37: 2008-08-07 17:49:55 UTC - RP302 - Deckard's System Scanner Restore Point
36: 2008-08-07 16:57:43 UTC - RP301 - Installed Ad-Aware
35: 2008-08-07 01:44:37 UTC - RP300 - Last known good configuration
34: 2008-08-07 01:44:20 UTC - RP299 - Last known good configuration
33: 2008-08-07 01:44:19 UTC - RP298 - System Checkpoint


-- First Restore Point --
1: 2008-08-07 01:44:09 UTC - RP266 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 239 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:41 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: (no name) - {57F10F1F-F32C-4F95-AA8A-1A280C478670} - C:\WINDOWS\system32\hgGwVLDW.dll
O2 - BHO: {5e62a291-c425-ade9-1654-1db7bb6ca808} - {808ac6bb-7bd1-4561-9eda-524c192a26e5} - C:\WINDOWS\system32\qkxswi.dll
O2 - BHO: (no name) - {9B69EFE9-3B20-4357-A673-83F2733FA0A1} - C:\WINDOWS\system32\cbXoOiGw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [9c5a4bd9] rundll32.exe "C:\WINDOWS\system32\gmhjlcso.dll",b
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [lphceo6j0el6e] C:\WINDOWS\system32\lphceo6j0el6e.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZKxdm021YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O20 - Winlogon Notify: hgGwVLDW - C:\WINDOWS\SYSTEM32\hgGwVLDW.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6297 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 dxgthkk - c:\windows\system32\drivers\dxgthkk.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-07 11:19:38 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2005-09-03 16:37:11 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 3.job
2005-09-03 16:37:11 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 2.job


-- Files created between 2008-07-07 and 2008-08-07 -----------------------------

2008-08-07 12:46:25 94208 --a------ C:\WINDOWS\system32\pphceo6j0el6e.exe
2008-08-07 12:46:24 0 d-------- C:\Documents and Settings\Owner\Application Data\rhcao6j0el6e
2008-08-07 12:39:11 60928 --a------ C:\WINDOWS\system32\blphceo6j0el6e.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-08-07 12:35:03 0 d-------- C:\Documents and Settings\Owner\Application Data\.ABC
2008-08-07 12:34:38 0 d-------- C:\Program Files\ABC
2008-08-07 12:27:28 0 d-------- C:\Program Files\RegCleaner
2008-08-07 12:07:32 0 d-------- C:\Program Files\Lavasoft
2008-08-07 12:07:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-07 12:06:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 12:05:14 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-08-07 12:03:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-08-07 11:54:07 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-08-07 11:54:07 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-08-07 11:54:07 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-08-07 11:54:07 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-08-07 11:54:07 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-08-07 11:54:07 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-08-07 11:54:07 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-08-07 11:54:07 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-08-07 11:54:07 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-08-07 11:54:07 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-08-07 11:54:07 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-08-07 11:54:07 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-08-07 11:54:07 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-08-07 11:54:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-08-07 11:54:07 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-08-07 11:54:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\McAfee
2008-08-07 11:54:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-08-07 11:54:05 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-08-07 10:43:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2008-08-07 10:43:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-08-07 10:40:12 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-08-07 00:51:42 82944 --a------ C:\WINDOWS\system32\gmhjlcso.dll
2008-08-07 00:49:00 2048 --a------ C:\WINDOWS\system32\unhusrju.exe
2008-08-07 00:48:53 101888 --a------ C:\WINDOWS\system32\qkxswi.dll
2008-08-07 00:48:42 101888 --a------ C:\WINDOWS\system32\uxlkudet.dll
2008-08-06 21:46:52 101888 --a------ C:\WINDOWS\system32\xffpiy.dll
2008-08-06 21:46:50 101888 --a------ C:\WINDOWS\system32\pssuxrds.dll
2008-08-06 21:45:39 101888 --a------ C:\WINDOWS\system32\tbtxop.dll
2008-08-06 21:45:38 101888 --a------ C:\WINDOWS\system32\pvhxyqvg.dll
2008-08-06 21:36:38 879755 --ahs---- C:\WINDOWS\system32\wGiOoXbc.ini2
2008-08-06 21:36:18 282624 --a------ C:\WINDOWS\system32\cbXoOiGw.dll
2008-08-06 20:20:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-08-06 20:20:05 0 d--hs---- C:\WINDOWS\IA
2008-08-06 20:19:25 104448 --a------ C:\WINDOWS\mrofinu1000106.exe
2008-08-06 20:18:50 86144 -----n--- C:\WINDOWS\system32\drivers\dxgthkk.sys
2008-08-06 20:18:44 0 d-------- C:\WINDOWS\system32\tbs
2008-08-06 20:18:44 0 d-------- C:\WINDOWS\system32\n3
2008-08-06 20:18:40 104448 --a------ C:\WINDOWS\mrofinu1188.exe
2008-08-06 20:18:19 0 d-------- C:\WINDOWS\system32\kBin15
2008-08-06 20:18:08 31744 --a------ C:\WINDOWS\system32\nnnkIyXr.dll
2008-08-06 20:18:08 31744 --a------ C:\WINDOWS\system32\hgGwVLDW.dll
2008-08-01 16:45:57 0 d--hs---- C:\WINDOWS\ftpcache
2008-07-25 17:48:43 0 d-------- C:\OEMSettings
2008-07-25 17:48:29 21035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
2008-07-25 17:47:55 0 d-------- C:\Program Files\NETGEAR
2008-07-25 17:46:52 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-25 16:42:03 6 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{ED7C2C94-3AC9-45CD-81E2-C8F6F75A661C}
2008-07-25 16:33:37 0 d-------- C:\Program Files\LG Electronics
2008-07-25 16:32:40 0 d-------- C:\Program Files\Sprint music manager
2008-07-25 12:34:59 0 d-------- C:\WINDOWS\system32\drivers\UMDF


-- Find3M Report ---------------------------------------------------------------

2008-08-07 13:35:11 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-08-07 12:58:47 0 d-------- C:\Program Files\Pure Networks
2008-08-07 12:58:47 0 d-------- C:\Program Files\Common Files
2008-08-07 12:57:45 0 d-------- C:\Program Files\Napster
2008-08-07 12:56:40 0 d-------- C:\Program Files\Common Files\AOL
2008-08-07 12:54:33 0 d-------- C:\Program Files\BigFix
2008-08-07 11:06:07 0 d-------- C:\Program Files\Google
2008-08-02 00:02:40 0 d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-07-25 17:49:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-30 12:03:51 6 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{D318C85D-F740-4369-B0C1-9D0B95AFF036}
2008-06-26 21:28:00 6 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{68443285-2B15-48DB-B0DE-5AEE998F0C80}
2008-06-26 21:26:02 6 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{33376264-B3F0-47DA-B3D5-908FDB709A71}
2008-06-26 16:03:51 6 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{C9D43D41-6F53-453A-B14A-1D6BBBF2C992}
2008-06-26 11:31:54 6 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{8D38E7DD-5124-494F-BE8C-60E6681E99DE}
2008-06-19 15:32:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-19 15:27:14 0 d-------- C:\Program Files\Symantec


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57F10F1F-F32C-4F95-AA8A-1A280C478670}]
08/06/2008 08:18 PM 31744 --a------ C:\WINDOWS\system32\hgGwVLDW.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{808ac6bb-7bd1-4561-9eda-524c192a26e5}]
08/07/2008 12:48 AM 101888 --a------ C:\WINDOWS\system32\qkxswi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B69EFE9-3B20-4357-A673-83F2733FA0A1}]
08/06/2008 09:36 PM 282624 --a------ C:\WINDOWS\system32\cbXoOiGw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/09/2005 02:12 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/20/2004 06:55 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/20/2004 06:51 PM]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [03/29/2005 11:41 AM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [06/29/2006 06:34 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 03:48 AM]
"My Web Search Bar"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
"D-Link RangeBooster G WUA-2340"="C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [09/01/2006 01:09 PM]
"9c5a4bd9"="C:\WINDOWS\system32\gmhjlcso.dll" [08/07/2008 12:51 AM]
"Antivirus"="C:\Program Files\VAV\vav.exe" []
"lphceo6j0el6e"="C:\WINDOWS\system32\lphceo6j0el6e.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"Antivirus"="C:\Program Files\VAV\vav.exe" []

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Sprint music manager\MEMonitor.exe [7/25/2008 4:32:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [9/12/2007 3:14:42 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57F10F1F-F32C-4F95-AA8A-1A280C478670}"= C:\WINDOWS\system32\hgGwVLDW.dll [08/06/2008 08:18 PM 31744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGwVLDW]
hgGwVLDW.dll 08/06/2008 08:18 PM 31744 C:\WINDOWS\system32\hgGwVLDW.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXoOiGw

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88979e27-c5ca-11d9-ad87-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2008-08-07 13:55:17 ------------