Thread: Fear of spyware..running sluggishly lately..sorry for undetailed title
View Single Post
Old 04-25-2008, 09:05 AM   #1 (permalink)
azomas
Registered User
 
Join Date: Apr 2008
Posts: 8
OS: XP SP2


Red Faced Fear of spyware..running sluggishly lately..sorry for undetailed title
I apologise for not giving a detailed title because I'm not
sure whether the spyware is there or not



Deckard's System Scanner v20071014.68
Run by azo on 2008-04-25 15:40:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
29: 2008-04-25 14:41:12 UTC - RP308 - Deckard's System Scanner Restore Point
28: 2008-04-25 03:39:12 UTC - RP307 - Software Distribution Service 3.0
27: 2008-04-25 03:15:29 UTC - RP306 - Restore Operation
26: 2008-04-24 23:03:15 UTC - RP305 - Software Distribution Service 3.0
25: 2008-04-24 13:11:23 UTC - RP304 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-06 17:32:59 UTC - RP280 - Removed Navman F Series Connection Pack


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as azo.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:09, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\azo\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\azo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iiu.edu.my/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://211.25.51.9/proxy.pac
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...nner371420.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5854B1E4-2870-48B0-8AFC-2813D399CA83}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{E184C581-3556-4F97-9AF6-BFE735F5576E}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PHZINLLZR - Unknown owner - C:\DOCUME~1\azo\LOCALS~1\Temp\PHZINLLZR.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VZMGWJX - Unknown owner - C:\DOCUME~1\azo\LOCALS~1\Temp\VZMGWJX.exe (file missing)

--
End of file - 6920 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
S3 PHZINLLZR - c:\docume~1\azo\locals~1\temp\phzinllzr.exe (file missing)
S3 VZMGWJX - c:\docume~1\azo\locals~1\temp\vzmgwjx.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-25 14:16:12 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-03-25 and 2008-04-25 -----------------------------

2008-04-25 15:43:40 0 d-------- C:\Program Files\Trend Micro
2008-04-25 04:54:13 0 d-------- C:\Program Files\Panda Security
2008-04-25 04:25:51 0 dr-h----- C:\Documents and Settings\azo\Recent
2008-04-25 03:40:03 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-25 03:39:38 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-04-25 03:00:42 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-24 13:43:39 0 d-------- C:\Program Files\PDAmill
2008-04-24 13:43:26 0 d-------- C:\Program Files\Ziosoft
2008-04-23 23:56:41 0 d-------- C:\Program Files\Games
2008-04-21 19:27:02 0 d-------- C:\Program Files\Handmark(2)
2008-04-15 12:27:24 0 d-------- C:\Program Files\Astraware
2008-04-13 14:31:56 0 d-------- C:\Program Files\Navman
2008-04-12 18:55:26 0 d-------- C:\WINDOWS\WinRAR
2008-04-11 12:05:32 0 d--hs---- C:\FOUND.002
2008-04-11 00:53:11 0 d-------- C:\Program Files\PIBukhariHadith
2008-04-10 09:20:18 0 d--hs---- C:\FOUND.001
2008-04-09 21:43:12 0 d-------- C:\Program Files\Sysinternals
2008-04-08 17:04:38 0 d-------- C:\Documents and Settings\azo\Application Data\Apple Computer
2008-03-29 17:05:43 0 d-------- C:\Program Files\QuickTime
2008-03-29 17:05:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-27 14:32:05 0 d-------- C:\Program Files\Dnote Software


-- Find3M Report ---------------------------------------------------------------

2008-04-25 05:20:46 3308 --a------ C:\WINDOWS\bthservsdp.dat
2008-04-25 04:54:16 4463 --a------ C:\WINDOWS\mozver.dat
2008-03-16 19:50:00 0 d-------- C:\Program Files\MSECache
2008-03-14 18:50:56 0 d-------- C:\Documents and Settings\azo\Application Data\AVGTOOLBAR
2008-03-14 18:17:16 0 d-------- C:\Program Files\AVG
2008-02-28 15:48:14 0 d-------- C:\Program Files\Common Files\Thomson ResearchSoft
2008-02-25 19:05:48 0 d-------- C:\Program Files\MSXML 6.0
2008-02-23 16:49:38 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-22 18:25:56 335 --a------ C:\WINDOWS\nsreg.dat
2008-02-18 13:48:56 2528 --a------ C:\Documents and Settings\azo\Application Data\$_hpcst$.hpc
2008-02-13 13:23:24 3447 --a------ C:\WINDOWS\unins000.dat
2008-02-13 13:21:24 691545 --a------ C:\WINDOWS\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
28/03/2008 01:26 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [28/03/2008 01:26 2051328]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [03/08/2004 16:56 C:\WINDOWS\system32\bthprops.cpl]
"Athan"="C:\Program Files\Athan\Athan.exe" [12/09/2005 01:04]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [28/03/2008 01:26]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [27/02/2008 17:33]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 16:56]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [13/11/2006 13:39]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [12/03/2008 20:27]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [27/08/2007 16:19]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
Ati2evxx.dll 03/08/2005 23:04 46080 C:\WINDOWS\system32\ati2evxx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d2e2c7d-5e80-11dc-900e-0010c696891d}]
- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f984aac-cf87-11dc-9132-0010c696891d}]
- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccff818-0289-11dd-91b5-8000600fe800}]




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8329 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-25 15:45:54 ------------
Attached Files
File Type: txt extra.txt (17.2 KB, 2 views)
azomas is offline