Win32.Trojan.Yspy


  • This topic is locked

#166
kelkay

  • Topic Starter
  • Member
  • 423 posts
And the other log please. Files2.txt
What program do you want removed?

I wanted Spybot S&D remnants taken out. 3 files were under the file Spybot S&D. I thought maybe if I deleted them that the Spybot S&D could be reinstalled. I tried to install it again, but it wouldn't let me.

#167
kelkay

Volume in drive C is HP_PAVILION
Volume Serial Number is 54A4-E9FB

Directory of c:\Program Files\AOL Toolbar

07/26/2002 18:02 153,088 UNWISE.EXE
03/05/2004 18:40 5,851 UNWISE.INI
2 File(s) 158,939 bytes

Directory of c:\Program Files\Ashampoo\Ashampoo Burning Studio 2007\Uninstall

09/28/2001 19:00 243,200 UNWISE.EXE
1 File(s) 243,200 bytes

Directory of c:\Program Files\Ashampoo\Ashampoo Burning Studio 5\Uninstall

09/28/2001 19:00 243,200 UNWISE.EXE
1 File(s) 243,200 bytes

Directory of c:\Program Files\Ashampoo\Ashampoo Burning Studio 6\Uninstall

09/28/2001 17:00 243,200 UNWISE.EXE
1 File(s) 243,200 bytes

Directory of c:\Program Files\Ashampoo\Ashampoo Music Studio 3\Uninstall

09/28/2001 18:00 243,200 UNWISE.EXE
1 File(s) 243,200 bytes

Directory of c:\Program Files\Ashampoo\Ashampoo PowerUp XP Platinum 2\Uninstall

09/28/2001 19:00 243,200 UNWISE.EXE
1 File(s) 243,200 bytes

Directory of c:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\uninstall

09/28/2001 18:00 243,200 UNWISE.EXE
1 File(s) 243,200 bytes

Directory of c:\Program Files\CareerDirect

06/25/1999 10:55 149,504 UNWISE.EXE
1 File(s) 149,504 bytes

Directory of c:\Program Files\CD to MP3 Freeware

06/25/1999 11:55 149,504 UNWISE.EXE
12/29/2006 00:06 29 UNWISE.INI
2 File(s) 149,533 bytes

Directory of c:\Program Files\Click'N Design 3D (V5)

09/28/2001 17:00 164,864 UNWISE.EXE
1 File(s) 164,864 bytes

Directory of c:\Program Files\Rhapsody

04/21/2005 20:20 162,304 Unwise32.exe
1 File(s) 162,304 bytes

Directory of c:\Program Files\Yahoo!\Messenger

07/26/2002 17:02 153,088 UNWISE.EXE
1 File(s) 153,088 bytes

Total Files Listed:
14 File(s) 2,397,432 bytes
0 Dir(s) 132,660,895,744 bytes free

#168
kelkay

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:21:08, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OYKNVASYNG - Unknown owner - C:\DOCUME~1\Kelly\LOCALS~1\Temp\OYKNVASYNG.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8834 bytes

#169
koko_crunch

  • Trusted Helper
  • Retired Staff
  • 1,751 posts

Did ZoneAlarm allow it to run when you tried reinstalling it?
Did you receive any alert when you ran the Installer?

Could you do this.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O23 - Service: OYKNVASYNG - Unknown owner - C:\DOCUME~1\Kelly\LOCALS~1\Temp\OYKNVASYNG.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked.
Close HiJackThis.
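The O23 entry selected for Fix Checked above stands out from the other services in the log in three visible ways: "Unknown owner", a path under the user's Temp folder, and "(file missing)". As an added example (not part of the original posts and not HijackThis's own logic), the Python below parses O23 lines and applies those three checks; the verdict names and their ordering are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# O23 lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: OYKNVASYNG - Unknown owner - C:\DOCUME~1\Kelly\LOCALS~1\Temp\OYKNVASYNG.exe (file missing)
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O23 - Service: <name> - <owner> - <drive path>[ (file missing)]"
# The path must start with a drive letter, so a " - " inside the path
# itself does not confuse the split between owner and path.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(log_text):
    """Return a ServiceEntry for every O23 line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append(
                ServiceEntry(m["name"], m["owner"], m["path"], m["missing"] is not None)
            )
    return entries


def indicators(entry):
    """Collect the indicators visible in the log line itself."""
    found = set()
    # Compare folder names only, so both "Local Settings\Temp" and the
    # 8.3 form "LOCALS~1\Temp" are recognised.
    folders = entry.path.lower().split("\\")[:-1]
    if "temp" in folders or "tmp" in folders:
        found.add("temp_path")
    if entry.file_missing:
        found.add("file_missing")
    if entry.owner.lower() == "unknown owner":
        found.add("unknown_owner")
    return found


def classify(entry):
    """Assumed triage order: missing binary, then Temp location, then owner."""
    found = indicators(entry)
    if "file_missing" in found:
        return "orphaned"             # service registered, binary gone
    if "temp_path" in found:
        return "suspicious-location"  # binary present but runs from Temp
    if "unknown_owner" in found:
        return "look-up"              # weak signal on its own
    return "ok"


def report(log_text):
    """Return (name, verdict, sorted indicators) for every entry that is not 'ok'."""
    rows = []
    for entry in parse_o23(log_text):
        verdict = classify(entry)
        if verdict != "ok":
            rows.append((entry.name, verdict, sorted(indicators(entry))))
    return rows


if __name__ == "__main__":
    for name, verdict, found in report(SAMPLE_LOG):
        print(f"{verdict:20} {name}: {', '.join(found)}")
```

"Unknown owner" on its own also matches KService and the Sansa updater in this log, which is why the sketch only treats it as a reason to look the service up.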

#170
kelkay

You are talking about Spybot S&D, when I tried to install it? I don't recall getting any notices, or warnings from Zone Alarm. If I did I could have just shut it down temporarily. It took a long time for that Windows SP3 update. It went through. I noticed since it was put on last night, the time it takes my computer to load is much much longer.

CWShredder still shows I have infections, this is currently the trojans it believes I have.

CWS.Mupdate
CWS.Msconfd
CWS.Smartsearch
CWS.Aboutblank

#171
kelkay

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:20, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8707 bytes

#172
koko_crunch

It took a long time for that Windows SP3 update. It went through. I noticed since it was put on last night, the time it takes my computer to load is much much longer.


That does happen sometimes, especially if your system has low resources.
You could perform system maintenance and I could remove some programs on start up that aren't required to run.
Do you want me to?

You are talking about Spybot S&D, when I tried to install it? I don't recall getting any notices, or warnings from Zone Alarm. If I did I could have just shut it down temporarily.


Yes please, temporarily disable ZoneAlarm's OS Firewall until we get your issues resolved.

1. Go to the Program tab, then click "Main".
2. Press the first "Custom" button from the top.
3. Uncheck "Enable OS Firewall".
4. Click OK.

Next,

We'll use Windows firewall for a while.

Enable Windows Firewall
Click Start >> Run >> type Firewall.cpl, and then OK.
On the General tab, click On (recommended), and then OK.

Then,

Click on Start >> Run then Copy/Paste the text in codebox.

C:\WINDOWS\unins000.exe

This will uninstall Spybot.
You may receive prompts, just follow them to uninstall.
If you receive an error message, please let me know.

Finally,

CWS.Mupdate
CWS.Msconfd
CWS.Smartsearch
CWS.Aboutblank

Don't see any signs of those in your log.
It could be a false positive. Why'd you run CWShredder anyway?
You could post the log so I can have a look at it.

Also, run this.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post back with the following logs.

- SuperAntispyware log
- CWshredder log
- Update on Spybot uninstall

#173
kelkay

You could perform system maintenance and I could remove some programs on start up that aren't required to run.
Do you want me to?

Sure, that would be fine.

#174
kelkay

I was able to successfully install Spybot S&D after your instructions on deleting that file. Thank you!
As far as CWShredder...it is just one of the things I do on a regular basis to try and find malware. It has never shown anything till now, and neither has Sophos Anti-root kit until recently. Now they both show stuff. The only thing that came up on the scan was what I showed you on here. It did not create a log file, or text file of the results. It just showed exactly what I typed on here as to its name. I decided to run it again after reading this message. I clicked fix, and send to the recycle bin instead of deleting in case it was a false positive.
These three files are in my recycle bin now.

Explore.exe 4KB
Svchost.exe 4KB
Internet.exe 4KB

This looks to me like files I definitely need. Whether it is a false positive or not, I do not know.
The variants it said it removed by these files were these....
CWS.Smartsearch
CWS.Aboutblank

Edited by kelkay, 02 July 2008 - 10:21 AM.


#175
kelkay

CWShredder report

**** Run Keys ****

RUN: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
RUN: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
RUN: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
RUN: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
RUN: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
RUN: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
RUN: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


**** Browser Helper Objects ****

BHO: [Adobe PDF Reader Link Helper] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: [SpywareGuardDLBLOCK.CBrowserHelper] C:\Program Files\SpywareGuard\dlprotect.dll
BHO: [Spybot-S&D IE Protection] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [SSVHelper Class] C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
BHO: [hpWebHelper Class] C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll


**** IE Toolbars ****

TOOLBAR: [WebFerret] C:\Program Files\FerretSoft\WebFerret\FerretBand.dll


**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINDOWS\system32\msjava.dll
IEExt: [AOL Toolbar] C:\WINDOWS\system32\msjava.dll
IEExt: [PalTalk] C:\Program Files\Paltalk Messenger\Paltalk.exe
IEExt: [PalTalk] C:\Program Files\Paltalk Messenger\Paltalk.exe
IEExt: [Internet Connection Help] C:\Program Files\Paltalk Messenger\Paltalk.exe
IEExt: [Internet Connection Help] C:\Program Files\Paltalk Messenger\Paltalk.exe
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

IEBypass: 127.0.0.1
Default Page: http://go.microsoft....k/?LinkId=69157
Default Search: http://go.microsoft....k/?LinkId=54896
Local Page: C:\windows\system32\blank.htm
Search Page: http://www.microsoft...amp;ar=iesearch


**** IE Context Menu (Right click) ****

IEContext: [&AOL Toolbar search] res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IEContext: [&D&ownload &with BitComet] res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IEContext: [&D&ownload all video with BitComet] res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IEContext: [&D&ownload all with BitComet] res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IEContext: [&WordWeb...] res://C:\WINDOWS\system32\wweb32.dll/lookup.html
IEContext: [Download with Star Downloader] res://C:\WINDOWS\system32\wweb32.dll/lookup.html


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F07652D-9842-404D-B979-93C3DBD38885}] SEQPACKET 9
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F07652D-9842-404D-B979-93C3DBD38885}] DATAGRAM 9
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BC66573B-7393-429F-9833-129CDC3EBDFC}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BC66573B-7393-429F-9833-129CDC3EBDFC}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7FF696E4-F7F5-4CEA-AF40-47390CFFA864}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7FF696E4-F7F5-4CEA-AF40-47390CFFA864}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{892900FC-9814-4488-99C0-81491C1EE93D}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4D589907-2D53-4DBA-8511-D302D05BE3EB}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FECA2202-8AB9-4832-997F-0DA2317240A6}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D66141F2-6AF6-4EFA-BF5C-90C7F13C19B6}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D66141F2-6AF6-4EFA-BF5C-90C7F13C19B6}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C2FB511A-7727-4D07-998A-B7AD1D03DA1B}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C2FB511A-7727-4D07-998A-B7AD1D03DA1B}] DATAGRAM 6


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

Microsoft XML Parser for Java [file:///C:/WINDOWS/Java/classes/xmldso.cab]
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} [http://www.creative....30/CTSUEng.cab]
{127CE7BA-AD89-4108-A913-C52EFC037C36} [http://kdx.omn.org/s...yerSupport.cab]
{193C772A-87BE-4B19-A7BB-445B226FE9A1} [http://download.ewid...OnlineScan.cab]
{2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} [http://kdx.omn.org/s...aPublisher.cab]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll] C:\Program Files\Yahoo!\common\yinsthelper.dll C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
{639658F3-B141-4D6B-B936-226F75A5EAC3} [http://www.shockwave...2.1.0.0.67.cab]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [http://update.micros...?1165348971449]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/...ndows-i586.cab]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [http://java.sun.com/...ndows-i586.cab]
{A7ECD556-D6F6-4F41-8C6B-14AB246801A0} [http://kdx.omn.org/s...ry/omn/kdx.cab]
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/...ndows-i586.cab]
{F6ACF75C-C32C-447B-9BEF-46B766368D29} [http://www.creative....5030/CTPID.cab]


**** Windows Services ****

[aawservice] "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
[Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AOL ACS] "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
[AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[ARSVC] C:\WINDOWS\arservice.exe
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[clr_optimization_v2.0.50727_32] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[Creative Service for CDROM Access] C:\WINDOWS\system32\CTsvcCDA.exe
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[Dot3svc] %SystemRoot%\System32\svchost.exe -k dot3svc
[EapHost] %SystemRoot%\System32\svchost.exe -k eapsvcs
[ehRecvr] C:\WINDOWS\eHome\ehRecvr.exe
[ehSched] C:\WINDOWS\eHome\ehSched.exe
[EhttpSrv] "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
[ekrn] "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[FontCache3.0.0.0] c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[hkmsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[idsvc] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
[ImapiService] %systemroot%\system32\imapi.exe
[iPod Service] "C:\Program Files\iPod\bin\iPodService.exe"
[KService] "C:\Program Files\Kontiki\KService.exe"
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[McrdSvc] C:\WINDOWS\ehome\mcrdsvc.exe
[MDM] "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[MHN] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
[MSIServer] %systemroot%\system32\msiexec.exe /V
[napagent] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetTcpPortSharing] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\system32\nvsvc32.exe
[OYKNVASYNG] C:\DOCUME~1\Kelly\LOCALS~1\Temp\OYKNVASYNG.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[Pml Driver HPZ12] C:\WINDOWS\system32\HPZipm12.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SansaService] C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{8DA84759-6C62-4695-9DB6-4789D64FAF43}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\system32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[vsmon] C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[WMPNetworkSvc] "C:\Program Files\Windows Media Player\WMPNetwk.exe"
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WudfSvc] %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn...st/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn...st/srchcust.htm
SEARCH: [Default_Search_URL] http://www.microsoft...amp;ar=iesearch


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\windows\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.microsoft...p...&ar=msnhome
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft...amp;ar=iesearch
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Default_Search_URL] http://www.microsoft...amp;ar=iesearch
IEOPT: [Use Custom Search URL]
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] no
IEOPT: [Window_Placement] ,
IEOPT: [FullScreen] no
IEOPT: [Use FormSuggest] yes
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [NscSingleExpand]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [NoWebJITSetup]
IEOPT: [Page_Transitions]
IEOPT: [FavIntelliMenus] yes
IEOPT: [Enable Browser Extensions] yes
IEOPT: [UseThemes]
IEOPT: [Force Offscreen Composition]
IEOPT: [AllowWindowReuse]
IEOPT: [Friendly http errors] yes
IEOPT: [ShowGoButton] yes
IEOPT: [SmoothScroll]
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Show image placeholders]
IEOPT: [Print_Background] no
IEOPT: [AutoSearch]
IEOPT: [XMLHTTP]
IEOPT: [UseClearType] yes
IEOPT: [CompatibilityFlags]
IEOPT: [SearchMigrated]
IEOPT: [RunOnceHasShown]
IEOPT: [RunOnceComplete]
IEOPT: [Error Dlg Details Pane Open] yes
IEOPT: [EnableSearchPane]
IEOPT: [LastCheckedHi] pŘČs
IEOPT: [AutoHide] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [AlwaysShowMenus]
IEOPT: [Default_Page_URL] http://go.microsoft....k/?LinkId=69157
IEOPT: [Default_Search_URL] http://go.microsoft....k/?LinkId=54896
IEOPT: [Search Page] http://go.microsoft....k/?LinkId=54896
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] C:\windows\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft...p...ER}&ar=home
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.00.2800.1017
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] yes
IEOPT: [Default_Secondary_Page_URL]
IEOPT: [Extensions Off Page] about:NoAdd-ons
IEOPT: [Security Risk Page] about:SecurityRisk
IEOPT: [SearchMigrated]
IEOPT: [Use Custom Search URL]

Edited by kelkay, 02 July 2008 - 10:27 AM.


#176
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/02/2008 at 01:00 PM

Application Version : 4.15.1000

Core Rules Database Version : 3495
Trace Rules Database Version: 1486

Scan type : Complete Scan
Total Scan Time : 01:28:11

Memory items scanned : 454
Memory threats detected : 0
Registry items scanned : 7126
Registry threats detected : 0
File items scanned : 141982
File threats detected : 111

Adware.SurfSideKick
C:\Program Files\SurfSideKick 3

Adware.Apropos Media
C:\Program Files\Aprps

Adware.SpywareStrike
C:\Program Files\SpywareStrike

Adware.WhenU
C:\Program Files\Save
C:\Program Files\Common Files\WhenU
C:\Program Files\WHENUSEARCH

Adware.180solutions/ZangoSearch
C:\Program Files\Zango
C:\Program Files\Zango Programs

Adware.Surf Accuracy
C:\Program Files\SurfAccuracy

Adware.IST/ISTBar (Slotch Bar)
C:\Program Files\ISTBar

Adware.Ezula
C:\WINDOWS\system32\ezstub.exe
C:\WINDOWS\eZinstall.exe
C:\Program Files\Ezula
C:\Program Files\Web Offer

Trojan.SpySheriff
C:\Program Files\SpySheriff

Adware.WebHancer
C:\Program Files\WEBHANCER
C:\Program Files\whInstall

Spyware.WebSearch (WinTools/Huntbar)
C:\Program Files\Common Files\WinTools

Trojan.AdwarePunisher
C:\Program Files\AdwarePunisher

Adware.ClickSpring
C:\Program Files\PuritySCAN

Adware.Sandboxer (MemoryWatcher)
C:\Program Files\MemoryWatcher

Adware.WebNexus
C:\WINDOWS\system32\wuauclt.dll
C:\WINDOWS\wupdt.exe

Adware.BookedSpace
C:\WINDOWS\bsx32
C:\WINDOWS\bs2.dll
C:\WINDOWS\bs3.dll
C:\WINDOWS\bsx5.dll
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\oo4.dll
C:\WINDOWS\system32\acd.dll
C:\WINDOWS\system32\anaamon.dll
C:\WINDOWS\system32\bs2.dll
C:\WINDOWS\system32\bs3.dll
C:\WINDOWS\system32\bsx5.dll
C:\WINDOWS\system32\bxsx5.dll
C:\WINDOWS\system32\bxxs5.dll
C:\WINDOWS\system32\oo4.dll
C:\WINDOWS\system32\rem00001.dll

Trojan.MalwareWipe
C:\Program Files\MalwareWipe.com

Trojan.WinFixer 2006
C:\Program Files\Common Files\WinFixer 2006
C:\Program Files\WinFixer_2006
C:\WINDOWS\system32\dfe1.exe

Trojan.NewDotNet
C:\Program Files\NewDotNet

Adware.Adservs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._

Adware.Starware
C:\Program Files\Starware

Adware.HotBar/SpamBlockerUtility (Low Risk)
C:\Program Files\SpamBlockerUtility

Adware.HotBar/ShopperReports (Low Risk)
C:\Program Files\ShopperReports

Adware.IST/YourSiteBar
C:\Program Files\YourSiteBar

Trojan.UnSpyPC Spyware Scanner
C:\Program Files\UnSpyPC

Trojan.Unknown Origin
C:\WINDOWS\mslagent

Trojan.PestTrap
C:\Program Files\PestTrap

Trojan.RazeSpyware
C:\Program Files\RazeSpyware

Trojan.AdwareSheriff
C:\Program Files\AdwareSheriff

Trojan.RemedyAntiSpy
C:\Program Files\RemedyAntispy

Trojan.HitVirus
C:\Program Files\HitVirus

Trojan.ADWareBazooka
C:\Program Files\ADWareBazooka

Trojan.RegiFast
C:\Program Files\RegiFast

Adware.Toolbar888
C:\Program Files\Toolbar888

Trojan.SpyFalcon
C:\Program Files\SpyFalcon

Adware.ClearSearch
C:\Program Files\ClearSearch

Trojan.BraveSentry
C:\Program Files\BraveSentry

Adware.Best Offers Network
C:\Program Files\TBONBin

Adware.TrustInCash
C:\Program Files\TrustIn Bar
C:\Program Files\TrustIn Search
C:\Program Files\TrustIn Contextual
C:\Program Files\TrustIn Popups
C:\WINDOWS\system32\tisa.cnf

Trojan.Spyware Stormer
C:\Program Files\Spyware Stormer

Trojan.CDSC63R
C:\WINDOWS\system32\cdscsix3.dll

Adware.Elite Media
C:\WINDOWS\etb

Malware.AlertSpy
C:\Program Files\AlertSpy

Spyware.E2G
C:\Program Files\E2G

Adware.IPWins
C:\Program Files\ipwindows

Adware.BargainBuddy/NaviSearch
C:\Program Files\BullsEye Network
C:\Program Files\NaviSearch

Malware.RegFreeze
C:\Program Files\RegFreeze

Malware.Adware Finder
C:\Program Files\AdFinderToolbar
C:\Program Files\AdwareFinder

Malware.KillAndClean
C:\Program Files\KillAndClean

Malware.AntiVirusGolden
C:\Program Files\AntiviralGolden

Trojan.Media-Codec
C:\Program Files\Media-Codec
C:\Program Files\MMediaCodec

Malware.Antispyware Soldier
C:\Program Files\Antispyware Soldier

Adware.180solutions/Seekmo
C:\Program Files\Seekmo

Malware.DriveCleaner
C:\Program Files\DriveCleaner 2006 Free

Malware.PestCapture
C:\Program Files\PestCapture

Malware.AntiVermins
C:\Program Files\AntiVermins

Adware.AdSponsor
C:\Program Files\AdSponsor

Malware.MalwareAlarm
C:\Program Files\MalwareAlarm

Malware.ContraVirus
C:\Program Files\ContraVirus

Malware.SpyDawn
C:\Program Files\SpyDawn

Malware.MalwareStopper
C:\Program Files\MalwareStopper

Adware.Web Buying
C:\Program Files\Web Buying

Adware.IST/SideFind
C:\Program Files\SideFind

Unclassified.PC MightyMax
C:\Program Files\PC MightyMax

Malware.LocusSoftware Inc/AVSystemCare
C:\Program Files\AVSystemCare

Rogue.AntiVirusProtection
C:\Program Files\Antivirus Protection

Rogue.SpywareRemover
C:\Program Files\Spyware Remover

Rogue.Installer/Trace
C:\Program Files\180search assistant
C:\Program Files\180searchassistant
C:\Program Files\stc

Spyware.ShopNav
C:\Program Files\Srng

Rogue.MyNetProtector
C:\Program Files\MyNetProtector

Rogue.AdwareSpy
C:\Program Files\AdwareSpy

Rogue.ETDScanner
C:\Program Files\ETD Security Scanner

Rogue.MySpyProtector
C:\Program Files\MySpyProtector

Rogue.PCHealthPlan
C:\Program Files\PC Health Plan

Rogue.MandelEnterprise/Variants
C:\Program Files\Adware Patrol
C:\Program Files\Doctor Adware
C:\Program Files\Doctor Adware Pro

Adware.Tracking Cookie

#177
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts

I was able to successfully install Spybot S&D after your instructions on deleting that file.


I didn't ask you to delete it. Actually, I wanted you to run the uninstaller.
Good thing it turned out ok.

Are you doing a system restore? If yes, please don't.
Please stop running CWShredder as I don't trust it that much.
If SuperAntispyware and Kaspersky didn't detect it, that's good enough for me.

Which firewall is enabled now?
You can enable ZoneAlarm again as we have achieved our goal of removing Spybot.
If by any chance ZoneAlarm or ESET flags SDFix, please ignore and allow it to perform its task.

Next,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.


#178
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
Sorry I didn't mean delete, I meant uninstall.

CODE
C:\WINDOWS\unins000.exe


This will uninstall Spybot.
You may receive prompts, just follow them to uninstall.
If you receive an error message, please let me know.


Alright I will uninstall CWShredder if you don't trust it.

#179
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • 423 posts
No I wasn't planning a system restore. Zone Alarm is enabled now.

#180
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Ok, you can run SDFIX now. :)