NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  
February 13, 2012, 09:08:34 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: SMF - Just Installed!
 
   Home   Help Search Login Register  

spybot won't work; WinAntiSpyware


AddThis Social Bookmark Button AddThis Feed Button
Pages: [1]
« previous next »
  Print  
Author Topic: spybot won't work; WinAntiSpyware  (Read 5314 times)
scootie668
Newbie
*
Posts: 5


View Profile
« on: June 07, 2007, 07:41:01 AM »
A version of WinAntiSpyware downloaded onto my pc accidently .. apparently this is a rogue antis-pyware product .. I nowhave popups mainly from  url.cpvfeed.com .. I have spybot search and destroy and spyware doctor on my pc.. here is a report from spyware doctor. i do not have the paid subscription therefore it will not remove everything.. any thoughts on how to get rid based on the follows :


Infection Name Location Risk
Advertising C:\Documents and Settings\Administrator1\Cookies\administrator1@atdmt[1].txt Low
Advertising C:\Documents and Settings\Administrator1\Cookies\administrator1@fastclick[2].txt Low
Advertising C:\Documents and Settings\Administrator1\Cookies\administrator1@media.fastclick[1].txt Low
Advertising C:\Documents and Settings\Administrator1\Cookies\administrator1@statcounter[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\Administrator1\Cookies\administrator1@tribalfusion[1].txt Low
Known Bad Sites C:\Documents and Settings\Administrator1\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\1417[1].jpg High
Known Bad Sites C:\Documents and Settings\Administrator1\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\footer_cat[1].gif High
Known Bad Sites C:\Documents and Settings\Administrator1\Local Settings\Temporary Internet Files\Content.IE5\ETM345QF\spacer[1].gif High
Known Bad Sites C:\Documents and Settings\Administrator1\Local Settings\Temporary Internet Files\Content.IE5\SHMNGXAR\div[1].gif High
Known Bad Sites C:\Documents and Settings\Administrator1\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\5666[1].jpg High
Known Bad Sites C:\Documents and Settings\Administrator1\Local Settings\Temporary Internet Files\Content.IE5\W5IBWPUF\check[1].gif High
Known Bad Sites C:\Documents and Settings\Administrator1\Local Settings\Temporary Internet Files\Content.IE5\W5Q74TU7\bullet-arrow[1].gif High
Mirar C:\Documents and Settings\steph\Local Settings\Temp\NNBar_VCSetup_876916_LOG_IES_NoDMY_AFF.exe Low
WinAntiSpyware C:\Program Files\common files\WinAntiSpyware 2007 Low
WinAntiSpyware C:\Program Files\common files\WinAntiSpyware 2007\err.log Low
WinAntiSpyware C:\Program Files\common files\WinAntiSpyware 2007\uwas7cw.exe Low
WinAntiSpyware C:\Program Files\common files\WinAntiSpyware 2007\uwasdc.exe Low
WinAntiSpyware C:\Program Files\common files\WinAntiSpyware 2007\uwasers.exe Low
MediaTickets C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe Elevated
PurityScan C:\RECYCLER\S-1-5-21-3761145930-4038122569-246821410-1005\Dc451.dll High
Mirar C:\RECYCLER\S-1-5-21-3761145930-4038122569-246821410-1005\Dc452.dll Low
Rootkit.Agent C:\WINDOWS\system32\drivers\core.cache.dsk High
Rootkit.Agent C:\WINDOWS\system32\drivers\core.sys High
WinAntiVirus C:\WINDOWS\system32\DRIVERS\FOPN.sys Elevated
Virtumonde C:\WINDOWS\system32\jkkli.dll Elevated
Virtumonde Explorer.EXE (C:\WINDOWS\system32\jkkli.dll) Elevated
Virtumonde HKCR\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8} Elevated
Virtumonde HKCR\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8}## Elevated
Virtumonde HKCR\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8}\InprocServer32 Elevated
Virtumonde HKCR\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8}\InprocServer32## Elevated
Virtumonde HKCR\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8}\InprocServer32##ThreadingModel Elevated
Virtumonde HKLM\Software\Classes\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8} Elevated
Virtumonde HKLM\Software\Classes\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8}## Elevated
Virtumonde HKLM\Software\Classes\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8}\InprocServer32 Elevated
Virtumonde HKLM\Software\Classes\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8}\InprocServer32## Elevated
Virtumonde HKLM\Software\Classes\CLSID\{71FB679E-68F8-4B3D-A556-08D342BBC6C8}\InprocServer32##ThreadingModel Elevated
LZIO Websearch HKLM\SOFTWARE\Microsoft\Internet Explorer\Main##NID High
Virtumonde HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkli##DllName Elevated
Virtumonde HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71FB679E-68F8-4B3D-A556-08D342BBC6C8} Elevated
Virtumonde HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71FB679E-68F8-4B3D-A556-08D342BBC6C8}## Elevated
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE## High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE##NextInstance High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000 High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000## High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000##Capabilities High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000##Class High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000##ClassGUID High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000##ConfigFlags High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000##DeviceDesc High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000##Legacy High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000##Service High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000\Control High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000\Control## High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000\LogConf High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CORE\0000\LogConf## High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core## High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core##abcdefg High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core##ErrorControl High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core##ImagePath High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core##Start High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core##Type High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core\custom High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core\custom## High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core\custom##Publisher High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core\Enum High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core\Enum## High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core\Enum##0 High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core\Enum##Count High
Rootkit.Agent HKLM\SYSTEM\ControlSet001\Services\core\Enum##NextInstance High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE## High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE##NextInstance High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000 High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000## High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000##Capabilities High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000##Class High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000##ClassGUID High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000##ConfigFlags High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000##DeviceDesc High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000##Legacy High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000##Service High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000\LogConf High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_CORE\0000\LogConf## High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core## High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core##abcdefg High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core##ErrorControl High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core##ImagePath High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core##Start High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core##Type High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core\custom High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core\custom## High
Rootkit.Agent HKLM\SYSTEM\ControlSet003\Services\core\custom##Publisher High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE## High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE##NextInstance High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000 High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000## High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000##Capabilities High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000##Class High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000##ClassGUID High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000##ConfigFlags High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000##DeviceDesc High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000##Legacy High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000##Service High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000\Control High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000\Control## High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000\LogConf High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CORE\0000\LogConf## High
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN##NextInstance Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN\0000 Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN\0000## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN\0000##Class Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN\0000##ClassGUID Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN\0000##ConfigFlags Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN\0000##DeviceDesc Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN\0000##Legacy Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN\0000##Service Elevated
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core## High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core##abcdefg High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core##ErrorControl High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core##ImagePath High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core##Start High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core##Type High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core\custom High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core\custom## High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core\custom##Publisher High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core\Enum High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core\Enum## High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core\Enum##0 High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core\Enum##Count High
Rootkit.Agent HKLM\SYSTEM\CurrentControlSet\Services\core\Enum##NextInstance High
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #1 on: June 07, 2007, 07:42:25 AM »
Hi scootie668

Please download the HijackThis program, run a scan and post your log here.

I will move this thread to more appropriate forum section.
Logged
scootie668
Newbie
*
Posts: 5


View Profile
« Reply #2 on: June 07, 2007, 01:41:50 PM »
Hijack This Log>>



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:11:00 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1161565727\ee\aolsoftware.exe
c:\program files\common files\aol\1161565727\ee\aexplore.exe
C:\Documents and Settings\steph\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nextpimp.com/?rtp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FED2D2E-7B58-4843-8D9E-62404A698371} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {868865EC-0295-4C7D-B25D-9F65314145E9} - C:\WINDOWS\system32\xxyaayw.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C3240EAB-517A-403B-B86E-109539576CDB} - C:\WINDOWS\system32\mljgd.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\uhjkbcvo.dll
O2 - BHO: (no name) - {EB5DEA17-A6AD-4247-A956-BAB8E95F7BF7} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1161565727\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161696119890
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O20 - Winlogon Notify: geebx - C:\WINDOWS\
O20 - Winlogon Notify: mljgd - C:\WINDOWS\system32\mljgd.dll
O20 - Winlogon Notify: xxyaayw - C:\WINDOWS\SYSTEM32\xxyaayw.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12383 bytes
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #3 on: June 07, 2007, 11:35:12 PM »
Hi scootie668

I'm sorry, but we don't accept HijackThis 2.0.0 logs yet. This version is still BETA. You have to post HijackThis 1.99.1 log. It's the latest "stable" version.
Logged
scootie668
Newbie
*
Posts: 5


View Profile
« Reply #4 on: June 09, 2007, 08:41:36 PM »
I have done all the recommended things to get rid of this rogue called WinAntiSpyware and it seemed to work as far as the pop-ups.. however, Spyware doctor has let me know the WinAntiSpyware is back in my folders..no matter how many times deleted this mess keeps coming back.. see below ..



Spyware Doctor Activity Report


Scans (basic information only):

Scan Results:
scan start: 6/8/2007 7:00:00 PM
scan stop: 6/8/2007 7:13:11 PM
scanned items: 109263
found items: 33
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
WinAntiSpyware C:\Documents and Settings\steph\Application Data\WinAntiSpyware 2007 Low
WinAntiSpyware C:\Documents and Settings\steph\Application Data\WinAntiSpyware 2007\Logs Low
WinAntiSpyware C:\Documents and Settings\steph\Application Data\WinAntiSpyware 2007\Logs\update.log Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@247realmedia[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@2o7[1].txt Low
Advertising C:\Documents and Settings\steph\Cookies\steph@ads.pointroll[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@atwola[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@bs.serving-sys[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@ehg-foxsports.hitbox[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@hitbox[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@m.webtrends[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@questionmarket[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@realmedia[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@serving-sys[1].txt Low
Advertising C:\Documents and Settings\steph\Cookies\steph@trafficmp[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@tribalfusion[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@www.geekstogo[1].txt Low
LZIO Websearch HKLM\SOFTWARE\Microsoft\Internet Explorer\Main##NID High
Trojan.PWS.Tanspy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load High
Trojan.PWS.Tanspy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load## High
Trojan.Downloader.Ruins HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls High
Trojan.Downloader.Ruins HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls## High
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN##NextInstance Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00 Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##Class Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##ClassGUID Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##ConfigFlags Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##DeviceDesc Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##Legacy Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##Service Elevated

Scan Results:
scan start: 6/9/2007 7:00:00 PM
scan stop: 6/9/2007 7:14:00 PM
scanned items: 109446
found items: 25
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
WinAntiSpyware C:\Documents and Settings\steph\Application Data\WinAntiSpyware 2007 Low
WinAntiSpyware C:\Documents and Settings\steph\Application Data\WinAntiSpyware 2007\Logs Low
WinAntiSpyware C:\Documents and Settings\steph\Application Data\WinAntiSpyware 2007\Logs\update.log Low
Advertising C:\Documents and Settings\steph\Cookies\steph@ads.pointroll[2].txt Low
Advertising C:\Documents and Settings\steph\Cookies\steph@com[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@edge.ru4[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@forum[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@questionmarket[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@realmedia[2].txt Low
Advertising C:\Documents and Settings\steph\Cookies\steph@trafficmp[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\steph\Cookies\steph@tribalfusion[2].txt Low
LZIO Websearch HKLM\SOFTWARE\Microsoft\Internet Explorer\Main##NID High
Trojan.PWS.Tanspy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load High
Trojan.PWS.Tanspy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load## High
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN##NextInstance Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00 Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00## Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##Class Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##ClassGUID Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##ConfigFlags Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##DeviceDesc Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##Legacy Elevated
WinAntiVirus HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN00##Service Elevated






HijackThis



Logfile of HijackThis v1.99.1
Scan saved at 9:52:59 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1161565727\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\program files\common files\aol\1161565727\ee\aexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nextpimp.com/?rtp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1161565727\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161696119890
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #5 on: June 13, 2007, 07:50:56 AM »
Hi scootie668

Please do this:

1. Use HijackThis to fix the following entry:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

2. Delete the following folder:
C:\Documents and Settings\steph\Application Data\WinAntiSpyware 2007

3. Then delete this registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN

Read this tutorial to learn how to use Registry Editor.
Logged
GTO
Global Moderator
Newbie
*****
Posts: 1519



View Profile
« Reply #6 on: June 13, 2007, 07:52:06 AM »
Hi scootie668

Please do this:

1. Use HijackThis to fix the following entry:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

2. Delete the following folder:
C:\Documents and Settings\steph\Application Data\WinAntiSpyware 2007

3. Then delete this registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN

Read this tutorial to learn how to use Registry Editor.
Logged
scootie668
Newbie
*
Posts: 5


View Profile
« Reply #7 on: June 13, 2007, 10:06:42 AM »
I have done a PC restore (to bring the system back to factory settings) on my Dell.. No longer need assistance. Thanks
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  




Recommended software:
STOPzilla
(90/100)
STOPzilla is a powerful anti-spyware program that detects, blocks, and removes malicious software allowing users to surf the Web not worrying about spyware, Trojan horses,...
Malwarebytes Anti Malware
(88/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t...
Spyware Doctor
(87/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and...
SpyHunter
(86/100)
SpyHunter is a quite simple, but yet highly effective spyware remover with an easy-to-use interface. This program is an excellent choice for users, who are...
XoftSpySE Anti Spyware
(84/100)
XoftSpySE, an anti-spyware program made by ParetoLogic, Inc., is a simple, but effective on-demand scanner with the typical set of functions but very easy to...
Encyclopedia of parasites:

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
add text box
rss feed
help other
Latest Spyware Threats: Internet Security 2012 | Win 7 Total security 2012 | System Check | Win 7 Internet Security 2012 | Win 7 Home Security 2012 | Win 7 Antivirus 2012 | Win 7 Antispyware 2012 | Vista Security 2012 | Vista Antivirus 2012 | Vista Antispyware 2012 | XP Antispyware 2012 | XP Antivirus 2012 | XP Security 2012 | XP Home Security 2012 | Security Shield
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2011 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.