Thanks for your help. Here is the main.txt file:
Deckard's System Scanner v20071014.68
Run by Adasha Knight on 2008-01-15 21:12:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Adasha Knight.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:49 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Adasha Knight\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Adasha Knight.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: {f4a12136-cd14-361a-d414-dd091ec260a0} - {0a062ce1-90dd-414d-a163-41dc63121a4f} - C:\WINDOWS\system32\bhxjtvbx.dll
O2 - BHO: (no name) - {AFEAE967-F3A6-48FD-ACCA-A28E1CB1B48A} - C:\WINDOWS\system32\ddrawe.dll
O2 - BHO: (no name) - {C2C0197E-9505-42BD-BCA5-02FA2338AFA5} - C:\WINDOWS\system32\vtutr.dll
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - C:\WINDOWS\system32\hggefec.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189315894890
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/b...ploader_v6.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 3956 bytes
-- Files created between 2007-12-15 and 2008-01-15 -----------------------------
2008-01-15 21:10:50 0 d-------- C:\Program Files\Trend Micro
2008-01-09 14:31:18 0 d-------- C:\Program Files\SpywareBlaster
2008-01-09 14:30:48 0 d-------- C:\ie-spyad_zo
2008-01-09 11:50:03 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-09 11:29:24 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 23:37:35 90176 --a------ C:\WINDOWS\system32\ntanayog.dll
2008-01-04 23:34:36 78912 --a------ C:\WINDOWS\system32\bhxjtvbx.dll
2008-01-04 23:31:34 78912 --a------ C:\WINDOWS\system32\jtsxmesu.dll
2008-01-04 23:29:43 74304 --a------ C:\WINDOWS\system32\rutjgknp.exe <Not Verified; ; DDC>
2007-12-28 03:21:02 341504 --a------ C:\WINDOWS\system32\vtutr.exe
2007-12-28 03:21:00 20111 --ahs---- C:\WINDOWS\system32\rtutv.ini2
2007-12-28 03:20:50 337920 --a------ C:\WINDOWS\system32\vtutr.dll
2007-12-27 22:30:37 0 d-------- C:\VundoFix Backups
2007-12-24 00:53:44 0 d-------- C:\WINDOWS\system32\?dobe
2007-12-23 12:40:57 0 d-------- C:\Program Files\AIMTunes
2007-12-23 10:48:03 0 d--hs---- C:\WINDOWS\system32\wsnpoem
2007-12-23 10:29:53 0 d-------- C:\Program Files\Common Files\T?sks
2007-12-23 02:24:23 0 d-------- C:\Program Files\WinAble
2007-12-23 02:24:23 0 d-------- C:\Program Files\Temporary
2007-12-23 02:21:12 2 --a------ C:\WINDOWS\system32\wapiicomsv.exe
2007-12-23 02:21:06 0 d-------- C:\WINDOWS\system32\W?nSxS
2007-12-23 02:20:58 39936 --a------ C:\WINDOWS\mrofinu72.exe
2007-12-23 02:20:42 40448 -----n--- C:\WINDOWS\system32\hggefec.dll
-- Find3M Report ---------------------------------------------------------------
2008-01-15 21:07:16 0 --a------ C:\WINDOWS\TempFile
2008-01-09 13:15:31 0 d-------- C:\Program Files\Lexmark 1200 Series
2008-01-09 13:09:16 0 d-------- C:\Program Files\DIGStream
2007-12-24 01:03:11 0 d-------- C:\Program Files\Common Files
2007-12-24 00:51:38 0 d-------- C:\Program Files\QuickTime
2007-12-23 13:48:52 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-23 13:48:48 88 -r-hs---- C:\WINDOWS\system32\E8118B887A.sys
2007-12-23 12:42:58 0 d-------- C:\Program Files\AIM6
2007-12-23 11:08:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-23 10:29:53 0 d-------- C:\Program Files\Common Files\T?sks
2007-12-17 16:07:57 4 --a------ C:\WINDOWS\system32\2B8F1C
2007-12-06 17:43:50 0 d-------- C:\Program Files\LimeWire
2007-10-25 19:39:33 1156 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0a062ce1-90dd-414d-a163-41dc63121a4f}]
01/04/2008 11:34 PM 78912 --a------ C:\WINDOWS\system32\bhxjtvbx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFEAE967-F3A6-48FD-ACCA-A28E1CB1B48A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2C0197E-9505-42BD-BCA5-02FA2338AFA5}]
12/28/2007 03:20 AM 337920 --a------ C:\WINDOWS\system32\vtutr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}]
12/23/2007 02:20 AM 40448 --------- C:\WINDOWS\system32\hggefec.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [01/15/2008 09:06 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}"= C:\WINDOWS\system32\hggefec.dll [12/23/2007 02:20 AM 40448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 06:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutr
-- End of Deckard's System Scanner: finished at 2008-01-15 21:13:47 ------------