Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware


  • This topic is locked This topic is locked
2 replies to this topic

#1 schulz

schulz

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 12 May 2008 - 06:05 PM

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-12 18:50:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
138: 2008-05-12 22:50:29 UTC - RP605 - Deckard's System Scanner Restore Point
137: 2008-05-12 02:32:18 UTC - RP604 - System Checkpoint
136: 2008-05-11 02:28:53 UTC - RP603 - System Checkpoint
135: 2008-05-10 02:24:05 UTC - RP602 - System Checkpoint
134: 2008-05-09 01:40:52 UTC - RP601 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-09 01:37:58 UTC - RP468 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-12 18:54:36
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\jezgjmjg\lqvmnwhi.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\lgzqfknm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.OWNER-DON6E5B2A\Local Settings\Temporary Internet Files\Content.IE5\IOEBBMRV\dss[1].exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6082A44-2A22-41B3-B86D-9C76524CBF5D} - C:\WINDOWS\system32\hgGwWNfc.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\efcBTnnL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fc5b0687] rundll32.exe "C:\WINDOWS\system32\xbupvpew.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iemnxdja] C:\WINDOWS\system32\lgzqfknm.exe
O4 - HKLM\..\Policies\Explorer\Run: [S09owqOva6] C:\Documents and Settings\All Users.WINDOWS\Application Data\jezgjmjg\lqvmnwhi.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173561990303
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: efcBTnnL - C:\WINDOWS\system32\efcBTnnL.dll
O22 - SharedTaskScheduler: escalators - {cc25189b-1b13-4abe-900e-65e08bd961af} - C:\WINDOWS\system32\zdhgsp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


--
End of file - 6065 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_71451462&REV_10\3&61AAA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_71451462&REV_10\3&61AAA01&0&A0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-12 02:27:44 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-11 22:53:00 300 --a------ C:\WINDOWS\Tasks\WebReg Deskjet 5400 series.job
2008-05-09 15:00:00 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-12 03:13:30 91712 --a------ C:\WINDOWS\system32\xbupvpew.dll
2008-05-11 05:53:56 91712 -----n--- C:\WINDOWS\system32\cjmunyjw.dll
2008-05-10 03:14:11 93248 --a------ C:\WINDOWS\system32\fcogxdbu.dll
2008-05-03 20:08:52 3457024 --a------ C:\Documents and Settings\Owner.OWNER-DON6E5B2A\ntuser.dat
2008-04-27 10:16:59 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SITEguard
2008-04-27 10:15:59 0 d-------- C:\Program Files\STOPzilla!
2008-04-27 10:15:58 0 d-------- C:\Program Files\Common Files\iS3
2008-04-27 10:15:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2008-04-23 03:49:09 0 d-------- C:\Program Files\AntiSpywareShield
2008-04-20 13:17:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpywareBot
2008-04-20 13:17:19 0 d-------- C:\Program Files\SpyShredder
2008-04-20 13:17:15 0 d-------- C:\Program Files\Spyware Doctor
2008-04-20 13:17:03 0 d-------- C:\Documents and Settings\Owner.OWNER-DON6E5B2A\Application Data\AVG7
2008-04-20 13:17:03 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-04-20 13:17:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-04-20 13:17:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-04-20 13:17:03 0 dr-h----- C:\$VAULT$.AVG
2008-04-20 10:45:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft(2)
2008-04-20 10:45:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7(2)
2008-04-20 10:18:14 0 d-------- C:\Program Files\XP Antivirus(2)

BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:54 PM

Posted 31 May 2008 - 11:59 AM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new log in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:54 PM

Posted 09 June 2008 - 07:23 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users