
spybot won't work; WinAntiSpyware





scootie668



Joined: 07 Jun 2007
Posts: 5


A version of WinAntiSpyware downloaded onto my PC accidentally .. apparently this is a rogue anti-spyware product .. I now have popups mainly from url.cpvfeed.com .. I have Spybot Search and Destroy and Spyware Doctor on my PC.. here is a report from Spyware Doctor. I do not have the paid subscription therefore it will not remove everything.. any thoughts on how to get rid of it based on the following:


Thu Jun 07, 2007 1:41 pm
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi scootie668

Please download the HijackThis program, run a scan and post your log here.

I will move this thread to a more appropriate forum section.
Thu Jun 07, 2007 1:42 pm
 
scootie668



Joined: 07 Jun 2007
Posts: 5


Hijack This Log>>



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:11:00 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Thu Jun 07, 2007 7:41 pm
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi scootie668

I'm sorry, but we don't accept HijackThis 2.0.0 logs yet. This version is still BETA. You have to post a HijackThis 1.99.1 log. It's the latest "stable" version.
Fri Jun 08, 2007 5:35 am
 
scootie668



Joined: 07 Jun 2007
Posts: 5


I have done all the recommended things to get rid of this rogue called WinAntiSpyware and it seemed to work as far as the pop-ups.. however, Spyware Doctor has let me know that WinAntiSpyware is back in my folders.. no matter how many times it is deleted, this mess keeps coming back.. see below ..



Spyware Doctor Activity Report


Scans (basic information only):

Scan Results:
scan start: 6/8/2007 7:00:00 PM
scan stop: 6/8/2007 7:13:11 PM
scanned items: 109263
found items: 33
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner




Scan Results:
scan start: 6/9/2007 7:00:00 PM
scan stop: 6/9/2007 7:14:00 PM
scanned items: 109446
found items: 25
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner




HijackThis



Logfile of HijackThis v1.99.1
Scan saved at 9:52:59 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1161565727\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net/
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161696119890
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy
Sun Jun 10, 2007 2:41 am
 
GTO



Joined: 15 Nov 2005
Posts: 1519


Hi scootie668

Please do this:

1. Use HijackThis to fix the following entry:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

2. Delete the following folder:
C:\Documents and Settings\steph\Application Data\WinAntiSpyware 2007

3. Then delete this registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FOPN

Read this tutorial to learn how to use Registry Editor.
Wed Jun 13, 2007 1:50 pm
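Step 1 in the reply above targets an entry that HijackThis marks "(no file)", meaning the registry reference remains but the file it points to is gone. The Python below is an added example, not part of the original thread or of HijackThis: it parses lines copied from the log posted earlier and lists every entry carrying that marker or "(file missing)". The function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFN]\d|O\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing markers HijackThis prints when the referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per R/F/N/O entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # log header, running-process path, or blank line
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            # Only a marker at the very end counts; "(no name)" mid-line does not.
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned_entries(log_text):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["code"], e["clsid"], "->", e["body"])
```

An orphaned entry only means the file is absent; whether to fix it in HijackThis is still a judgment for the person reviewing the log.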
 
scootie668



Joined: 07 Jun 2007
Posts: 5


I have done a PC restore (to bring the system back to factory settings) on my Dell. No longer need assistance. Thanks
Wed Jun 13, 2007 4:06 pm
 
All times are GMT