Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware/Spysheriff


  • Please log in to reply

#1
organinc

organinc

    New Member

  • Member
  • Pip
  • 6 posts
Hi, i recently got spy sheriff installed onto my computer and didnt know what it was so i researched it and ended up here. It is removed but the scans detected other possible threats, here are my reports, thank you in advance for any help :tazz:



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:38:49 AM, 02/02/2006
+ Report-Checksum: F6D82512

+ Scan result:

C:\WINDOWS\system32\winvbie.dll -> Spyware.Visua : Cleaned with backup
C:\Documents and Settings\Organ Inc. Farms\Local Settings\Application Data\Ares\My Shared Folder\adobe photoshop cs 8 0x activation keygen multilanguage 2005 - crack,keygenerator,serial.zip/dbc-crack.exe -> Downloader.BBQ.a : Cleaned with backup
C:\Documents and Settings\Organ Inc. Farms\Cookies\organ inc. [email protected][2].txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Organ Inc. Farms\Application Data\Mozilla\Firefox\Profiles\72pgmfm1.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{00491BC9-CE63-4DAC-86A8-95C52DF667E1}\RP105\A0021001.dll -> Spyware.Visua : Cleaned with backup


::Report End


ACTIVE SCAN REPORT:

Incident Status Location

Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Daily Weather Forecast\weather.exe
Adware:adware/spysheriff Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Organ Inc. Farms\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Organ Inc. Farms\Desktop\smitRem\Process.exe
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Daily Weather Forecast\weather.exe
Adware:Adware/IST.ISTBar Not disinfected D:\pscrack\Adobe_Photoshop_CS_and_ImageReady_CS_Activation_by_Amr_Said_www.crack.cd_.zip[unxt.exe]

Edited by organinc, 04 February 2006 - 10:29 PM.

  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

Please visit this page and scroll down to Step 5.
Follow the instructions there to download a tool called Hijackthis and post a log here as a reply to this post.
  • 0

#3
organinc

organinc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Sam :tazz:


Logfile of HijackThis v1.99.1
Scan saved at 2:01:57 PM, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Wacom\TabUserW.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Organ Inc. Farms\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe /remindme
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: DllCmd32.lnk = C:\jetsuite\DLLCMD32.EXE
O4 - Global Startup: TabUserW.lnk = D:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Auto Logon Service (AutoLogon) - Unknown owner - C:\Program Files\MJT Net Ltd\Macro Scheduler\autologonsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Macro Scheduler Service (mschedsvc) - Unknown owner - C:\Program Files\MJT Net Ltd\Macro Scheduler\msschedsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe



Delete this folder.

C:\Program Files\Daily Weather Forecast


Reboot and post a new hijackthis log.
  • 0

#5
organinc

organinc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:00:05 PM, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Wacom\TabUserW.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Organ Inc. Farms\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe /remindme
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DllCmd32.lnk = C:\jetsuite\DLLCMD32.EXE
O4 - Global Startup: TabUserW.lnk = D:\Program Files\Wacom\TabUserW.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Auto Logon Service (AutoLogon) - Unknown owner - C:\Program Files\MJT Net Ltd\Macro Scheduler\autologonsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Macro Scheduler Service (mschedsvc) - Unknown owner - C:\Program Files\MJT Net Ltd\Macro Scheduler\msschedsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  • 0

#6
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Your log looks pretty good to me.
How are things on your end?
  • 0

#7
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
organinc

organinc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:37:25 PM, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wacom\TabUserW.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Organ Inc. Farms\Desktop\HijackThis.exe

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144979211190
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144980015717
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O21 - SSODL: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  • 0

#9
OwNt

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
organinc, Please stick to one topic only, I have merged your new topic with your other one.
I have pmed your original helper and asked him to continue helping you.

Please stay with him until you are declared clean.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP