Win32.Trojan.Yspy


  • This topic is locked

#301
kelkay (Member, Topic Starter, 423 posts)
No, that is the one that popped up from DSS. I will redo of course if you request. You can tell it is the new one because it has date and time on the scan.

Edited by kelkay, 24 July 2008 - 11:25 AM.



#302
kelkay (Member, Topic Starter, 423 posts)
Avenger attached.


#303
kelkay (Member, Topic Starter, 423 posts)
DSS scan report attached.

Attached Files

  • Attached File  main.txt   40.67KB   144 downloads


#304
kelkay (Member, Topic Starter, 423 posts)
:) There are files on the main.txt that I do not know where they came from. One is bitcomet, I have never downloaded that. Gemmaster must be a preloaded game we cannot get it from program files. There are many here I do not know...killspy.net, scanspyware, dealhelper.com, buddylinks.net, popcorn.net, dealhelper, websnitch, prvdef, btppdv.2, 12schemas, abelhadigital.com, scorpio software

Here is a list further showing programs I do not know. I must have some really tricky infections because you would think that with all of this work, this would have more than wiped out every last one of them. I cannot thank you all enough for your patience, and expertise in this. I am dumbfounded that there are still infections. I ran a Kaspersky home scan, and Superantispyware scan today, and both now show no infection. I can see the free program not catching a couple of infections...but the Kaspersky should find them, so I can feel secure in the fact there are no infections. NOD32 missed some too. I do not know what AV program I can trust. I have tried what I thought were the best. Kaspersky found invaders...but it doesn't always allow you to put stuff in quarantine. That is why I deleted some stuff, and they are in backup. I posted on that already. It was posted today.

2008-07-19 14:39:44 284 -r-h----- C:\Program Files\fix my registry
2008-07-19 14:39:44 276 -r-h----- C:\Program Files\beclean
2008-07-19 14:39:44 274 -r-h----- C:\Program Files\ad armor
2008-07-19 14:39:44 274 -r-h----- C:\Program Files\1stantivirus
2008-07-19 14:39:44 0 dr-hs---- C:\WINDOWS\csrss.exe
2008-07-19 14:39:44 277 -r-h----- C:\Program Files\winferno
2008-07-19 14:39:44 274 -r-h----- C:\Program Files\secure pc solutions
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\expertantivirus
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\easy erase spyware remover
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\curepcsolution
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\codeclean2007
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\allume systems
2008-07-19 14:39:54 274 -r-h----- C:\Program Files\cleanx2007
2008-07-19 14:39:54 274 -r-h----- C:\Program Files\bulletproofsoft.com
2008-07-19 14:39:53 274 -r-h----- C:\Program Files\softwaredoctor
2008-07-19 14:39:53 274 -r-h----- C:\Program Files\bps remover
2008-07-19 14:39:53 274 -r-h----- C:\Program Files\antivirusgoldenpro
2008-07-19 14:39:53 274 -r-h----- C:\Program Files\antivirus solution
2008-07-19 14:39:53 274 -r-h----- C:\Program Files\adwareX eliminator
2008-07-19 14:39:53 274 -r-h----- C:\Program Files\adware spyWare removal
2008-07-19 14:39:52 274 -r-h----- C:\Program Files\adwareremovergold.com
2008-07-19 14:39:51 274 -r-h----- C:\Program Files\adware remover
2008-07-19 14:39:50 274 -r-h----- C:\Program Files\pcprivacysoftware.com
2008-07-19 14:39:50 274 -r-h----- C:\Program Files\adware agent
2008-07-19 14:39:50 274 -r-h----- C:\Program Files\ads adware remover
2008-07-19 14:40:00 238 -r-h----- C:\Program Files\brp
2008-07-19 14:40:00 236 -r-h----- C:\Program Files\browser pal
2008-07-19 14:40:00 238 -r-h----- C:\Program Files\bpt
2008-07-19 14:40:00 238 -r-h----- C:\Program Files\bpc_search
2008-07-19 14:40:00 238 -r-h----- C:\Program Files\bcpc
2008-07-19 14:40:00 0 dr-hs---- C:\csrss.exe
2008-07-19 14:39:59 0 dr-hs---- C:\winstall.exe
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\zserv.dll
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\voiceip.dll
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\system32\winxp.exe
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\system32\winhost.exe
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\system32\windll.exe
2008-07-19 14:39:59 248 -r-h----- C:\WINDOWS\system32\win type
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\system32\twain32.dll
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\system32\nvms.dll
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\system32\msbe.dll
2008-07-19 14:39:59 248 -r-h----- C:\WINDOWS\system32\ide
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\system32\ginuerep.dll
2008-07-19 14:39:59 230 -r-h----- C:\WINDOWS\system32\feeds
2008-07-19 14:39:59 236 -r-h----- C:\WINDOWS\system32\exefld
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\system32\dxmpp.dll
2008-07-19 14:39:59 248 -r-h----- C:\WINDOWS\system32\dhcp32
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\system32\anti_troj.exe
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\pynix.dll
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\mssvr.exe
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\dlmax.dll
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\btgrab.dll
2008-07-19 14:39:59 222 -r-h----- C:\WINDOWS\bde
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\2020search2.dll
2008-07-19 14:39:59 0 dr-hs---- C:\WINDOWS\2020search.dll
2008-07-19 14:39:59 234 -r-h----- C:\Program Files\windowssa
2008-07-19 14:39:59 230 -r-h----- C:\Program Files\the guard
2008-07-19 14:39:59 230 -r-h----- C:\Program Files\sysal
2008-07-19 14:39:59 274 -r-h----- C:\Program Files\security iguard
2008-07-19 14:39:59 274 -r-h----- C:\Program Files\securemypc
2008-07-19 14:39:59 274 -r-h----- C:\Program Files\scan & repair utilities 2007
2008-07-19 14:39:59 274 -r-h----- C:\Program Files\psguard
2008-07-19 14:39:59 274 -r-h----- C:\Program Files\pcsecurityshield
2008-07-19 14:39:59 246 -r-h----- C:\Program Files\netturbotrial
2008-07-19 14:39:59 246 -r-h----- C:\Program Files\mediaring talk
2008-07-19 14:39:59 240 -r-h----- C:\Program Files\funcade
2008-07-19 14:39:59 228 -r-h----- C:\Program Files\fs
2008-07-19 14:39:59 230 -r-h----- C:\Program Files\cxtpls
2008-07-19 14:39:59 246 -r-h----- C:\Program Files\Common Files\betterinternet
2008-07-19 14:39:59 240 -r-h----- C:\Program Files\cashback
2008-07-19 14:39:59 240 -r-h----- C:\Program Files\cardcrazy
2008-07-19 14:39:59 236 -r-h----- C:\Program Files\bonzibuddy
2008-07-19 14:39:59 222 -r-h----- C:\Program Files\bde
2008-07-19 14:39:59 240 -r-h----- C:\Program Files\bargain buddy
2008-07-19 14:39:59 230 -r-h----- C:\Program Files\backweb
2008-07-19 14:39:59 244 -r-h----- C:\Program Files\arcaderockstar
2008-07-19 14:39:59 230 -r-h----- C:\Program Files\aproposclient
2008-07-19 14:39:59 228 -r-h----- C:\Program Files\altnet
2008-07-19 14:39:59 232 -r-h----- C:\Program Files\adstatus service
2008-07-19 14:39:59 228 -r-h----- C:\Program Files\acetoolbar
2008-07-19 14:39:59 246 -r-h----- C:\Program Files\accoona
2008-07-19 14:39:59 246 -r-h----- C:\Program Files\abetterinternet
2008-07-19 14:39:59 230 -r-h----- C:\Program Files\2search
2008-07-19 14:39:59 222 -r-h----- C:\bde
2008-07-19 14:39:58 274 -r-h----- C:\Program Files\privacy crusader demo
2008-07-19 14:39:58 274 -r-h----- C:\Program Files\privacy champion
2008-07-19 14:39:58 274 -r-h----- C:\Program Files\pestbot
2008-07-19 14:39:58 274 -r-h----- C:\Program Files\perfectcleaner
2008-07-19 14:39:58 274 -r-h----- C:\Program Files\pal spyrem
2008-07-19 14:39:58 274 -r-h----- C:\Program Files\neospace
2008-07-19 14:39:58 274 -r-h----- C:\Program Files\malwarewipers
2008-07-19 14:39:57 274 -r-h----- C:\Program Files\malwaresweeper.com
2008-07-19 14:39:55 0 dr-hs---- C:\WINDOWS\xpupdate.exe
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\kazaap
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\guardbar
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\goodbye spy
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\froggie scan demo
2008-07-19 14:39:55 274 -r-h----- C:\Program Files\flobo spyware clean
2008-07-19 14:40:03 260 -r-h----- C:\Program Files\websearch
2008-07-19 14:40:03 260 -r-h----- C:\Program Files\webrebates
2008-07-19 14:40:03 240 -r-h----- C:\Program Files\real-tens
2008-07-19 14:40:03 240 -r-h----- C:\Program Files\movienetworks
2008-07-19 14:40:03 240 -r-h----- C:\Program Files\mlh
2008-07-19 14:40:03 240 -r-h----- C:\Program Files\medch
2008-07-19 14:40:03 238 -r-h----- C:\Program Files\lycos
2008-07-19 14:40:03 240 -r-h----- C:\Program Files\kfh
2008-07-19 14:40:03 258 -r-h----- C:\Program Files\keylog
2008-07-19 14:40:03 228 -r-h----- C:\Program Files\gator.com
2008-07-19 14:40:03 246 -r-h----- C:\Program Files\fwn toolbar
2008-07-19 14:40:03 236 -r-h----- C:\Program Files\fastseeker
2008-07-19 14:40:03 226 -r-h----- C:\Program Files\ezurl
2008-07-19 14:40:03 246 -r-h----- C:\Program Files\exploreanywhere
2008-07-19 14:40:03 248 -r-h----- C:\Program Files\exact
2008-07-19 14:40:03 230 -r-h----- C:\Program Files\emedia codec
2008-07-19 14:40:03 260 -r-h----- C:\Program Files\ebatesmoemoneymaker
2008-07-19 14:40:03 260 -r-h----- C:\Program Files\ebates_moemoneymaker
2008-07-19 14:40:03 228 -r-h----- C:\Program Files\e2give
2008-07-19 14:40:03 240 -r-h----- C:\Program Files\drivecleaner free
2008-07-19 14:40:03 240 -r-h----- C:\Program Files\downloadware
2008-07-19 14:40:03 240 -r-h----- C:\Program Files\downloadware engine
2008-07-19 14:40:03 244 -r-h----- C:\Program Files\dealio
2008-07-19 14:40:03 236 -r-h----- C:\Program Files\dealhelper
2008-07-19 14:40:03 234 -r-h----- C:\Program Files\dateregon
2008-07-19 14:40:03 238 -r-h----- C:\Program Files\date manager
2008-07-19 14:40:03 228 -r-h----- C:\Program Files\data19
2008-07-19 14:40:03 238 -r-h----- C:\Program Files\csbb
2008-07-19 14:40:03 234 -r-h----- C:\Program Files\comsoft
2008-07-19 14:40:03 236 -r-h----- C:\Program Files\commonname
2008-07-19 14:40:03 248 -r-h----- C:\Program Files\Common Files\eacceleration
2008-07-19 14:40:03 240 -r-h----- C:\Program Files\Common Files\drivecleaner free
2008-07-19 14:40:03 226 -r-h----- C:\Program Files\Common Files\cpush
2008-07-19 14:40:03 262 -r-h----- C:\Program Files\colej_uk design toolbar
2008-07-19 14:40:03 238 -r-h----- C:\Program Files\cntrc
2008-07-19 14:40:03 234 -r-h----- C:\Program Files\clocksync
2008-07-19 14:40:03 234 -r-h----- C:\Program Files\clipgenie
2008-07-19 14:40:03 234 -r-h----- C:\Program Files\clientman
2008-07-19 14:40:03 228 -r-h----- C:\e2g
2008-07-19 14:40:00 0 dr-hs---- C:\WINDOWS\system32\ipv6mons.dll
2008-07-19 14:40:00 238 -r-h----- C:\Program Files\tvs
2008-07-19 14:40:00 238 -r-h----- C:\Program Files\rvp
2008-07-19 14:40:00 236 -r-h----- C:\Program Files\letssearch
2008-07-19 14:40:00 236 -r-h----- C:\Program Files\Common Files\psd tools
2008-07-19 14:40:00 228 -r-h----- C:\Program Files\Common Files\gmt
2008-07-19 14:40:00 228 -r-h----- C:\Program Files\Common Files\cmeii

#305
kelkay (Member, Topic Starter, 423 posts)
I ran CWShredder (Cool Web Search Trojan Remover v2.19) and it shows these files...I will attach.
Sophos Anti-Rootkit showed 0 problems now.
Well I don't know where the attachment went...I don't see it so I will type it here.
CWS.Mupdate
CWS.Msconfd
CWS.Smartsearch
CWS.Aboutblank
So this is four trojans it is showing....I used to run this program now and then with Sophos Anti Rootkit. Neither showed anything until my computer was infected a couple of months ago. Finally Sophos is clear. I just remembered this program while searching through Major Geeks for programs to help find these infections.

Edited by kelkay, 24 July 2008 - 12:18 PM.


#306
JSntgRvr (Global Moderator, 11,579 posts)
Hi, kelkay :)

Let's try this again.

  • Download the attached file and save it to your C:\ drive. Overwrite the existing one.
  • Once you have saved it, the file path should be C:\remove.txt
  • Open the Avenger.
  • Select Load Script from the menu, then From File.
  • Browse to C:\remove.txt and click open.
  • Then click the Execute button.
  • This will begin the execution of the script currently in memory.
  • The Avenger will set itself up to run the next time you reboot your computer, and then will prompt you to restart immediately.
  • After your system restarts, a log file should open with the results of Avenger’s actions. This log file is located at C:\avenger.txt. The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backups.zip.
Post the contents of the C:\avenger.txt file and attach a fresh DSS main.txt report.

#307
kelkay (Member, Topic Starter, 423 posts)
avenger.txt attached


#308
JSntgRvr (Global Moderator, 11,579 posts)
Hi, kelkay :)

Please download OTCleanIT by OldTimer.
  • Save it to your desktop.
  • Please double-click OTCleanIT.exe to run it. (Vista users, please right click on OTCleanIT.exe and select "Run as an Administrator")
  • This will delete the tools we used in the removal of malware, including this program.
  • If you are asked to reboot to complete the removal process, then please do so.
Upon restart, remove the Avenger and any remaining tools. Make sure you delete the following folder:

C:\Avenger

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#309
kelkay (Member, Topic Starter, 423 posts)
DSS report attached too.

Attached Files

  • Attached File  main.txt   20.53KB   141 downloads


#310
JSntgRvr (Global Moderator, 11,579 posts)
DSS seems clear. Proceed with the instructions in Post #308


#311
kelkay (Member, Topic Starter, 423 posts)

DSS seems clear. Proceed with the instructions in Post #308

That is a relief...I already did the OTClean thing...now I am trying to make sure every last Avenger file is gone.

#312
kelkay (Member, Topic Starter, 423 posts)
How do I disable Spyware Blaster?

#313
kelkay (Member, Topic Starter, 423 posts)
Combo Fix file is attached.


#314
kelkay (Member, Topic Starter, 423 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:43, on 7/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\HostsMan\hm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HostsMan] "C:\Program Files\HostsMan\hm.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36} (OMN Player Support) - http://kdx.omn.org/s...ayerSupport.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5} (OMN Media Publisher) - http://kdx.omn.org/s...iaPublisher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave...h2.1.0.0.67.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165348971449
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 8838 bytes

#315
kelkay (Member, Topic Starter, 423 posts)
Malwarebytes Anti-Malware program has a trojan in quarantine.

C:\Program Files\Shockwave.com\Jane's Hotel\product\Jane's Hotel.exe (Trojan.Agent) -> Quarantined and deleted successfully. It says deleted, but I see it is still in quarantine. My kids say they never heard of the game. :)