Spywarestrick?spyware sheriff. I can't remove these from my system
54 posts in this thread.
JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
Posted 2-3-2006 8:58 (GMT +1)
Post a Hijackthis log and let me take a look at it.

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
Posted 2-4-2006 10:19 (GMT +1)
Logfile of HijackThis v1.99.1
Scan saved at 09:18:14, on 04/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
Posted 2-4-2006 10:27 (GMT +1)
Any suggestions as to how I can remove Norton antivirus? I let my subscription run out, then discovered the web site won't recognize me, therefore I can't uninstall it. Have you come across this before?

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
Posted 2-4-2006 2:31 (GMT +1)
I do not recognize any of the following programs, do you?

O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe


These products are of unknown, questionable, or dubious value as anti-spyware protection and you should remove them:

O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

Fix this line with Hijackthis:

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab


To remove any of the following, follow the instructions in the link below:

Norton AntiVirus 2004/2005/2006
Norton AntiVirus Professional 2004
Norton AntiVirus 3, 5 and 10 User Pack 2004/2005/2006
Norton GoBack 3.1/3.5/3.6/4.0/4.1
Norton SystemWorks 2004 Professional Edition
Norton SystemWorks 2005/2006 Premier
Norton SystemWorks 2004/2005/2006
Norton SystemWorks 2006 Basic Edition
Norton Password Manager 2004
Norton Internet Security 2004/2005/2006
Norton Internet Security 5 and 10 User Pack 2004/2005/2006
Norton Internet Security 2005 AntiSpyware Edition 8.2
Norton Personal Firewall 2004/2005/2006
Norton AntiSpam 2004/2005
Norton Ghost 2003/9.0/10.0

service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=bar_sch_nam&docid=2005092916503236&nsf=nip.nsf&view=244fc202cff0619a882570cb0002a0c6&dtype=&prod=&ver=&osv=&osv_lvl=&seg=hm

For earlier versions of Norton, use the following tool:

service1.symantec.com/SUPPORT/nav.nsf/docid/2001092114452606

Post a fresh Hijackthis log after you have gone through these processes.

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
Posted 2-4-2006 8:03 (GMT +1)
Logfile of HijackThis v1.99.1
Scan saved at 18:55:52, on 04/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

THIS IS THE REPORT COPIED FROM THE LAST HJT SCAN, AND I HAVE FIXED THE PROGRAM

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeScannerInstall.cab

AS REQUESTED.


I DON'T RECOGNIZE THE OTHER TWO PROGRAMS YOU IDENTIFIED AND I AM HAPPY TO REMOVE THEM, IF YOU THINK I SHOULD.

O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe

HOW DO I REMOVE THESE PROGRAMS?

O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

I CAN'T FIND THEM IN THE ADD OR REMOVE.

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
Posted 2-4-2006 9:56 (GMT +1)
Some programs come with their own uninstaller. It could be present next to the executable (Start->All Programs->Application Name->Uninstaller), or within the folder where the application is installed. If that fails, fix the lines with Hijackthis and, after doing so, boot in Safe Mode and delete the folders where the application is installed.

O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

Attempt to remove Norton. Once you have run these tools, post a Hijackthis log to confirm if the application is gone. Do not fix anything related to Norton in Hijackthis. The slowdown could be due to Norton.
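
The confirmation step requested above (compare a fresh HijackThis log against the earlier one to see whether the fixed lines are really gone), as an added example that is not part of the original thread. The function names are hypothetical, and the two sample logs are short excerpts trimmed from the logs posted on this page.

```python
import re

# HijackThis result lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return {(section, normalised detail): display line} for one log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        # Collapse runs of spaces and ignore case: forum software and Windows
        # paths both vary in these without the entry being different.
        detail = " ".join(m.group(2).split())
        entries[(m.group(1), detail.casefold())] = f"{m.group(1)} - {detail}"
    return entries

def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(v for k, v in before.items() if k not in after)
    added = sorted(v for k, v in after.items() if k not in before)
    return removed, added

def still_present(target_lines, log_text):
    """Return the lines the helper asked to fix that the log still contains."""
    current = parse_entries(log_text)
    wanted = parse_entries("\n".join(target_lines))
    return [line for key, line in wanted.items() if key in current]

# Excerpt of the log posted before the fix (trimmed from the page).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

# Excerpt of the follow-up log (trimmed from the page). Note the double
# space before -osboot, which must not be reported as a change.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
"""

# The four startup lines the helper listed for fixing.
TARGETS = [
    r"O4 - HKLM\..\Run: [shim loud name option] C:\Documents and Settings\All Users\Application Data\wave ford shim loud\globalaxis.exe",
    r"O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe",
    r"O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan",
    r'O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot',
]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since last scan:")
    for line in removed:
        print("  ", line)
    print("Added since last scan:", added or "none")
    print("Targets still present:", still_present(TARGETS, AFTER) or "none")
```

An entry disappearing from the log only shows that the autostart reference is gone; the files on disk still need the Safe Mode deletion described in the post.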

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
Posted 2-5-2006 11:29 (GMT +1)
Logfile of HijackThis v1.99.1
Scan saved at 10:28:05, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 
THINGS ARE GOING MUCH QUICKER NOW, I THINK I HAVE REMOVED MOST OF NORTON, WHAT DO YOU THINK?
 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 2-5-2006 12:07 (GMT +1)
Hi, I've just got a pop-up from SOFTWARE ONLINE .COM, which says that a REGISTRY CLEANER is RECOMMENDED and then asks me to do a free scan. Do you think this is a new problem or an old dormant program?
 

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
   Posted 2-5-2006 5:24 (GMT +1)
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find:

Symantec Event Manager

Right click on it and choose "Properties".
On the "General" tab under "Service Status" click the "Stop" button to stop the service.
Beside "Startup Type" in the dropdown menu select "Disabled".
Click Apply then OK.

Perform the same action with the following services:

Symantec Password Validation Service
Symantec Proxy Service
Norton Internet Security Accounts Manager
Symantec Network Drivers Service
SymWMI Service


Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service.
If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

In Hijack This, click on the "Open Misc Tools section" button.
Next click the "Delete an NT service" button.
Copy and paste the following in that box:

ccEvtMgr

Click OK.

Perform the same action with the following:

ccPwdSvc
ccPxySvc
NISUM
SNDSrvc
SymWSC


Reboot in Safe Mode.

Delete the following folders with Windows Explorer:

C:\Program Files\Norton Internet Security
C:\Program Files\Common Files\Symantec Shared

Restart the computer. Post a new log.

Does that pop-up happen all the time, or just when you visit certain websites?

Post Edited (JSntgvr) : 2/5/2006 4:25:13 PM GMT

 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 2-5-2006 8:41 (GMT +1)
Hi, everything went well and I "stopped/Disabled" the programs as requested.

However, each time I tried to delete the programs via Hijack This I received the following message.
THE SERVICE YOU ENTERED IS SYSTEM-CRITICAL! IT CAN'T BE DELETED.
I tried to delete the following
ccEvtMgr, ccPwdSvc, ccPxySvc, NISUM, SNDSrvc and SymWSC.

I haven't tried to reboot in safe mode as yet, any suggestions as how to proceed?

I found a program running called THE BEST OFFER, but each time I've tried to remove it via ADD/REMOVE, it opens a web site called
"The Best Offers Network" and describes itself as a Division of Direct Revenue.
It then informs me to uninstall via going to WWW.bestoffersnetwork.com/uninstall to get the uninstall tool.
This I have not done as yet. Do you think it is safe? I am concerned that I may get another free program which I can't remove.

This pop-up always appears when I am looking at web sites which would advertise something, e.g. car hire, hotel offers, things like this.
Does this help identify the program?
 

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
   Posted 2-6-2006 3:37 (GMT +1)
They are critical to Symantec (Norton) but no longer to your computer. Try in Safe Mode and also attempt to delete the folders. Make sure these services are disabled before proceeding. If the service is active, it won't allow you to delete it.

Question: Did you use any of the Symantec Tools I suggested before to remove Norton?
 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 2-6-2006 10:05 (GMT +1)
Logfile of HijackThis v1.99.1
Scan saved at 20:52:22, on 06/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
HI I THINK I HAVE REMOVED THE NORTON PROGRAMS AT LONG LAST!! WHAT DO YOU THINK?
 
I STILL HAVE THE "The Best Offer" PROGRAM. EACH TIME I TRY AND REMOVE IT VIA THE "ADD/REMOVE PROGRAMS", IT OPENS A WEB SITE VIA MS INTERNET EXPLORER AND BLOCKS THE "ADD/REMOVE" WINDOW, SO I HAVE TO REBOOT THE COMPUTER TO CLOSE THIS.
 
THE POP UPS ARE ATTRACTED TO ANY WEB SITE WHICH DEALS WITH SHOPPING. CAN YOU HELP? THANKS SO FAR.
Back to Top
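
Added example, not part of any poster's message: one way to compare the two HijackThis logs posted in this thread and check whether the six services named for deletion are still registered, and whether other Symantec/Norton entries remain. The log excerpts are copied from the posts above; the function and constant names are this example's own.

```python
import re

# Short service names listed for "Delete an NT service" earlier in the thread.
TARGETS = ["ccEvtMgr", "ccPwdSvc", "ccPxySvc", "NISUM", "SNDSrvc", "SymWSC"]
VENDOR_WORDS = ("symantec", "norton")

# Excerpt of the log saved 04/02/2006 (before the removal steps).
LOG_BEFORE = r"""
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Excerpt of the log saved 06/02/2006 (after the removal steps).
LOG_AFTER = r"""
C:\Program Files\ewido anti-malware\ewidoctrl.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O23 - Service: <display> (<short>) - <owner> - <path>". Some O23 lines in
# these logs carry no "(<short>)" part; the display name is then used as key.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)


def entries(log):
    """Return the non-empty, stripped lines of a HijackThis log."""
    return [ln.strip() for ln in log.splitlines() if ln.strip()]


def services(log):
    """Map each O23 service key to its parsed fields."""
    found = {}
    for line in entries(log):
        m = O23_RE.match(line)
        if m:
            found[m.group("short") or m.group("display")] = m.groupdict()
    return found


def check_removal(before, after, targets=TARGETS, vendor_words=VENDOR_WORDS):
    """Compare two logs and summarise what the removal steps achieved."""
    svc_before, svc_after = services(before), services(after)
    after_lines = entries(after)
    after_set = set(after_lines)
    return {
        # Target services present before and absent afterwards.
        "removed": [t for t in targets if t in svc_before and t not in svc_after],
        # Target services that survived the deletion attempt.
        "still_registered": [t for t in targets if t in svc_after],
        # Any remaining line (process, O16, O23, ...) naming the vendor.
        "vendor_leftovers": [ln for ln in after_lines
                             if any(w in ln.lower() for w in vendor_words)],
        # Services whose binary HijackThis could not find on disk.
        "file_missing": [k for k, v in svc_after.items()
                         if v["path"].endswith("(file missing)")],
        # Every line that disappeared between the two scans.
        "dropped_lines": [ln for ln in entries(before) if ln not in after_set],
    }


if __name__ == "__main__":
    for name, value in check_removal(LOG_BEFORE, LOG_AFTER).items():
        print(f"{name}:")
        for item in value:
            print("   ", item)
```

On these excerpts the six services are gone, while the two Symantec O16 entries are still listed and the AOLService entry points at a missing file.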
 

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
   Posted 2-7-2006 1:28 (GMT +1)
Close all browsers. Fix these lines in Hijackthis.

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart => There are two entries
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background =>This is not the Messenger
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab


Boot in Safe Mode.

Delete the following file:

C:\Program Files\MSN Messenger\msnmsgr.exe (Make sure you delete the right one)

It looks like the real thing, but it is not.

Try to uninstall that program in Safe mode.

There also should be a folder that can be deleted:

C:\Program Files\Best Offers
 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 2-7-2006 5:04 (GMT +1)
I HAVE FIXED THE FOLLOWING LINES:

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart => There are two entries

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

HOWEVER I AM CONFUSED. DO I FIX THIS LINE?
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background =>This is not the Messenger

I CAN RE-BOOT IN SAFE MODE, BUT HOW DO I FIND THIS FILE AND DELETE IT OR UNINSTALL IT?
C:\Program Files\MSN Messenger\msnmsgr.exe (Make sure you delete the right one)

AS MENTIONED BEFORE, I CAN'T REMOVE OR DELETE THIS FILE AS EVERY TIME I TRY IT JUMPS TO THE WEB SITE DESCRIBED ABOVE AND I CAN'T FIND IT IN PROGRAM FILES?
There also should be a folder that can be deleted:

C:\Program Files\Best Offers
 

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
   Posted 2-7-2006 5:35 (GMT +1)
Fix this line:

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

Do not delete the file. The entry is not necessary.

You can't delete this folder even in Safe Mode?: C:\Program Files\Best Offers

It is possible that there may be some entries in the registry related to Best Offers.

In your position I would search the entire registry for the string Best Offers and delete all instances of it. Are you familiar with editing the registry?

We have not tried Spysweeper yet.

Please download WebRoot SpySweeper (It's a 2 week trial):

www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129

Click the Free Trial link under "Downloads/SpySweeper" to download the program.

Install it. Once the program is installed, it will open.

It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.

Under What to Sweep please put a check next to the following:

* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits

Please UNCHECK Do not Sweep System Restore Folder.

Click Sweep Now on the left side.

Click the Start button.

When it's done scanning, click the Next button.

Make sure everything has a check next to it, then click the Next button.

It will remove all of the items found.

Click Session Log in the upper right corner, copy everything in that window.

Click the Summary tab and click Finish.

Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
Back to Top
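
Added example, not part of JSntgvr's post: a read-only way to list every registry reference to a string such as "Best Offers" before deleting anything, run over a regedit export (File > Export) instead of the live registry. The keys, value names and the file name bo.exe in the sample are constructed for illustration; the scanner also decodes hex(2)/hex(7) values, which a plain text search of the export does not match.

```python
import re

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\sub\key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')   # "name"=data or @=data


def _unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def _decode(raw):
    """Turn the right-hand side of a value line into searchable text."""
    if raw.startswith('"'):
        return _unescape(raw[1:-1])
    m = re.match(r"hex\((2|7)\):(.*)$", raw)
    if m:  # REG_EXPAND_SZ / REG_MULTI_SZ are written as UTF-16LE byte lists
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        text = data.decode("utf-16-le", errors="replace")
        return text.replace("\x00", " ").strip()
    return raw  # dword:, hex: and other types are left as written


def logical_lines(text):
    """Join hex lines that regedit wraps with a trailing backslash."""
    buf = ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def find_matches(reg_text, needle):
    """Return (key, value_name, data) for every key or value naming needle.

    A hit on the key path itself is reported as (key, None, None).
    """
    needle = needle.lower()
    key, hits = None, []
    for line in logical_lines(reg_text):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if needle in key.lower():
                hits.append((key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = _decode(m.group(2))
            if needle in name.lower() or needle in data.lower():
                hits.append((key, name, data))
    return hits


def _as_hex2(s, per_line=16):
    """Encode s as a wrapped hex(2) value (only used to build the sample)."""
    b = [f"{x:02x}" for x in s.encode("utf-16-le") + b"\x00\x00"]
    rows = [",".join(b[i:i + per_line]) for i in range(0, len(b), per_line)]
    return "hex(2):" + ",\\\n  ".join(rows)


# Constructed sample export; none of these keys or values come from the thread.
SAMPLE = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\ExampleVendor\\Best Offers]\n"
    '"InstallDir"="C:\\\\Program Files\\\\Best Offers"\n\n'
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"SoundMan"="SOUNDMAN.EXE"\n'
    '"ExampleUpdater"=' + _as_hex2("C:\\Program Files\\Best Offers\\bo.exe") + "\n"
)

if __name__ == "__main__":
    # A real "Version 5.00" export is UTF-16: open(path, encoding="utf-16").
    for key, name, data in find_matches(SAMPLE, "Best Offers"):
        print(key, "|", name, "|", data)
```

Each hit is a candidate for review in regedit; the script itself changes nothing.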
 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 2-7-2006 11:51 (GMT +1)
Thanks for the advice. I have run a Spy Sweeper scan and this is the report. But I did this before I removed the 04-HKCU\..\RUN:[msnmsgr] via HJT, which I am about to do.
22:20: |       Start of Session, 07 February 2006       |
22:20: Spy Sweeper started
22:20: Sweep initiated using definitions version 611
22:21: Starting Memory Sweep
22:23: Memory Sweep Complete, Elapsed Time: 00:02:39
22:23: Starting Registry Sweep
22:23:   Found Adware: deskad
22:23:   HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/deskadx.dll\  (2 subtraces) (ID = 124926)
22:23:   HKLM\software\deskad service\  (4 subtraces) (ID = 124927)
22:23:   HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\deskadx.dll (ID = 124930)
22:23:   Found Adware: wild media - minigolf
22:23:   HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/wildapp.dll\  (1 subtraces) (ID = 135051)
22:23:   Found Adware: wildmedia
22:23:   HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\  (8 subtraces) (ID = 146695)
22:23:   HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\  (8 subtraces) (ID = 146709)
22:23:   Found Adware: security2k hijacker
22:23:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
22:23:   Found Adware: directrevenue-abetterinternet
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\  (7 subtraces) (ID = 746835)
22:23:   Found Adware: systemprocess
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\startup\  (2 subtraces) (ID = 860412)
22:23:   Found Trojan Horse: trojan-downloader-2pursuit
22:23:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {1b68470c-2def-493b-8a4a-8e2d81be4ea5} (ID = 910513)
22:23:   Found Adware: psguard\winhound fakealert
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\  (2 subtraces) (ID = 1035010)
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ || displayname (ID = 1035011)
22:23:   HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ || uninstallstring (ID = 1035012)
22:23:   Found Adware: spywarestrike
22:23:   HKCR\appid\spywarestrike.exe\  (1 subtraces) (ID = 1108221)
22:23:   Found Adware: spywarestrike fakealert
22:23:   HKCR\clsid\{0f25878f-f8ae-5d5d-2bb7-31b5f803290d}\  (19 subtraces) (ID = 1108224)
22:23:   HKCR\typelib\{c1a4c0c9-dbd0-493a-93f8-0b05edc96224}\  (9 subtraces) (ID = 1108245)
22:23:   HKLM\software\classes\appid\spywarestrike.exe\  (1 subtraces) (ID = 1108258)
22:23:   HKLM\software\classes\clsid\{0f25878f-f8ae-5d5d-2bb7-31b5f803290d}\  (19 subtraces) (ID = 1108261)
22:23:   HKLM\software\classes\typelib\{c1a4c0c9-dbd0-493a-93f8-0b05edc96224}\  (9 subtraces) (ID = 1108292)
22:23:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {c1a2fda2-2a5b-2c8a-f2a2-ba2db3a2c31c} (ID = 1109431)
22:23:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {c1a2fda2-1a5b-2a8f-f3a2-b22da1a3c41d} (ID = 1109570)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-500\software\aurora\  (18 subtraces) (ID = 360174)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-500\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-500\software\system process\ || lastptime (ID = 860390)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1007\software\aurora\  (4 subtraces) (ID = 360174)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1007\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1007\software\system process\ || lastptime (ID = 860390)
22:23:   Found Adware: internetoptimizer
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\avenue media\  (4 subtraces) (ID = 128887)
22:23:   Found Adware: 180search assistant/zango
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\180solutions\  (8 subtraces) (ID = 135617)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\aurora\  (35 subtraces) (ID = 360174)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 818746)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1006\software\system process\ || lastptime (ID = 860390)
22:23:   Found Adware: drsnsrch.com hijack
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\microsoft\internet explorer\main\ || search page (ID = 128207)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\microsoft\internet explorer\searchurl\ (ID = 128212)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\aurora\  (29 subtraces) (ID = 360174)
22:23:   Found Adware: drsnsrch hijacker
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\dsrch\  (11 subtraces) (ID = 509156)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1005\software\system process\ || lastptime (ID = 860390)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\dsrch\  (11 subtraces) (ID = 509156)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\system process\ || lastptime (ID = 860390)
22:23:   HKU\S-1-5-21-583907252-1677128483-839522115-1004\software\classes\clsid\{c1a2fda2-2a5b-2c8a-f2a2-ba2db3a2c31c}\  (3 subtraces) (ID = 1109430)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1003\software\aurora\  (3 subtraces) (ID = 360174)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1003\software\system process\  (1 subtraces) (ID = 860389)
22:23:   HKU\WRSS_Profile_S-1-5-21-583907252-1677128483-839522115-1003\software\system process\ || lastptime (ID = 860390)
22:23: Registry Sweep Complete, Elapsed Time:00:00:18
22:24: Starting Cookie Sweep
22:24:   Found Spy Cookie: 2o7.net cookie
22:24:   rebecca@112.2o7[1].txt (ID = 1958)
22:24:   rebecca@122.2o7[2].txt (ID = 1958)
22:24:   Found Spy Cookie: 888 cookie
22:24:   rebecca@888[1].txt (ID = 2019)
22:24:   Found Spy Cookie: abetterinternet cookie
22:24:   rebecca@abetterinternet[2].txt (ID = 2035)
22:24:   Found Spy Cookie: yieldmanager cookie
22:24:   rebecca@ad.yieldmanager[2].txt (ID = 3751)
22:24:   Found Spy Cookie: hbmediapro cookie
22:24:   rebecca@adopt.hbmediapro[2].txt (ID = 2768)
22:24:   Found Spy Cookie: specificclick.com cookie
22:24:   rebecca@adopt.specificclick[2].txt (ID = 3400)
22:24:   Found Spy Cookie: directtrack cookie
22:24:   rebecca@affiliatemarketing.directtrack[2].txt (ID = 2528)
22:24:   Found Spy Cookie: alt cookie
22:24:   rebecca@alt[1].txt (ID = 2217)
22:24:   Found Spy Cookie: atwola cookie
22:24:   rebecca@atwola[2].txt (ID = 2255)
22:24:   Found Spy Cookie: azjmp cookie
22:24:   rebecca@azjmp[2].txt (ID = 2270)
22:24:   Found Spy Cookie: a cookie
22:24:   rebecca@a[1].txt (ID = 2027)
22:24:   rebecca@a[2].txt (ID = 2027)
22:24:   Found Spy Cookie: belnk cookie
22:24:   rebecca@belnk[1].txt (ID = 2292)
22:24:   Found Spy Cookie: btgrab cookie
22:24:   rebecca@btg.btgrab[2].txt (ID = 2333)
22:24:   Found Spy Cookie: burstnet cookie
22:24:   rebecca@burstnet[2].txt (ID = 2336)
22:24:   Found Spy Cookie: cliks cookie
22:24:   rebecca@cliks[1].txt (ID = 2414)
22:24:   rebecca@directtrack[1].txt (ID = 2527)
22:24:   rebecca@dist.belnk[2].txt (ID = 2293)
22:24:   Found Spy Cookie: go.com cookie
22:24:   rebecca@go[1].txt (ID = 2728)
22:24:   Found Spy Cookie: screensavers.com cookie
22:24:   rebecca@i.screensavers[1].txt (ID = 3298)
22:24:   Found Spy Cookie: touchclarity cookie
22:24:   rebecca@msn.touchclarity[1].txt (ID = 3566)
22:24:   Found Spy Cookie: mywebsearch cookie
22:24:   rebecca@mywebsearch[1].txt (ID = 3051)
22:24:   Found Spy Cookie: offeroptimizer cookie
22:24:   rebecca@offeroptimizer[2].txt (ID = 3087)
22:24:   Found Spy Cookie: reunion cookie
22:24:   rebecca@reunion[2].txt (ID = 3255)
22:24:   Found Spy Cookie: spywarestormer cookie
22:24:   rebecca@spywarestormer[1].txt (ID = 3417)
22:24:   Found Spy Cookie: reliablestats cookie
22:24:   rebecca@stats1.reliablestats[1].txt (ID = 3254)
22:24:   rebecca@vmk.disney.go[1].txt (ID = 2729)
22:24:   rebecca@www.screensavers[2].txt (ID = 3298)
22:24:   big stephen@122.2o7[1].txt (ID = 1958)
22:24:   big stephen@2o7[2].txt (ID = 1957)
22:24:   Found Spy Cookie: advertising cookie
22:24:   big stephen@advertising[2].txt (ID = 2175)
22:24:   big stephen@atwola[1].txt (ID = 2255)
22:24:   Found Spy Cookie: sextracker cookie
22:24:   big stephen@counter11.sextracker[1].txt (ID = 3362)
22:24:   Found Spy Cookie: mediaplex cookie
22:24:   big stephen@mediaplex[1].txt (ID = 6442)
22:24:   Found Spy Cookie: sexlist cookie
22:24:   big stephen@sexlist[1].txt (ID = 3353)
22:24:   big stephen@sextracker[1].txt (ID = 3361)
22:24:   Found Spy Cookie: xxx69 cookie
22:24:   big stephen@www.xxx69[1].txt (ID = 3732)
22:24: Cookie Sweep Complete, Elapsed Time: 00:00:02
22:24: Starting File Sweep
22:24:   Found Adware: 2search
22:24:   c:\windows\system32\feeds (1 subtraces) (ID = -2147476748)
22:24:   c:\program files\security toolbar (2 subtraces) (ID = -2147462697)
22:25:   deskadx.dll (ID = 57857)
22:25:   Found Adware: lopdotcom
22:25:   seek less.exe (ID = 91)
22:27:   16 1 log balm.exe (ID = 121)
22:32:   sslanguage.ini (ID = 233228)
22:40:   safeoozevga.exe (ID = 90)
22:41:   a0107794.exe (ID = 230687)
22:42:   a0107799.lnk (ID = 230683)
22:42:   uninstall.bat (ID = 202688)
22:42:   20051211200813.zip (ID = 207109)
22:42:   20051213121605.zip (ID = 207109)
22:42:   20051213215054.zip (ID = 207109)
22:44: File Sweep Complete, Elapsed Time: 00:20:29
22:44: Full Sweep has completed.  Elapsed time 00:23:39
22:44: Traces Found: 327
22:45: Removal process initiated
22:45:   Quarantining All Traces: 180search assistant/zango
22:45:   Quarantining All Traces: directrevenue-abetterinternet
22:45:   Quarantining All Traces: lopdotcom
22:45:   Quarantining All Traces: psguard\winhound fakealert
22:45:   Quarantining All Traces: security2k hijacker
22:45:   security2k hijacker is in use.  It will be removed on reboot.
22:45:     uninstall.bat is in use.  It will be removed on reboot.
22:45:   Quarantining All Traces: wildmedia
22:45:   Quarantining All Traces: 2search
22:45:   Quarantining All Traces: internetoptimizer
22:45:   Quarantining All Traces: trojan-downloader-2pursuit
22:45:   Quarantining All Traces: deskad
22:45:   Quarantining All Traces: drsnsrch hijacker
22:45:   Quarantining All Traces: drsnsrch.com hijack
22:45:   Quarantining All Traces: spywarestrike fakealert
22:45:   Quarantining All Traces: spywarestrike
22:45:   Quarantining All Traces: systemprocess
22:45:   Quarantining All Traces: wild media - minigolf
22:45:   Quarantining All Traces: 2o7.net cookie
22:45:   Quarantining All Traces: 888 cookie
22:45:   Quarantining All Traces: a cookie
22:45:   Quarantining All Traces: abetterinternet cookie
22:45:   Quarantining All Traces: advertising cookie
22:45:   Quarantining All Traces: alt cookie
22:45:   Quarantining All Traces: atwola cookie
22:45:   Quarantining All Traces: azjmp cookie
22:45:   Quarantining All Traces: belnk cookie
22:45:   Quarantining All Traces: btgrab cookie
22:45:   Quarantining All Traces: burstnet cookie
22:45:   Quarantining All Traces: cliks cookie
22:45:   Quarantining All Traces: directtrack cookie
22:45:   Quarantining All Traces: go.com cookie
22:45:   Quarantining All Traces: hbmediapro cookie
22:45:   Quarantining All Traces: mediaplex cookie
22:45:   Quarantining All Traces: mywebsearch cookie
22:45:   Quarantining All Traces: offeroptimizer cookie
22:45:   Quarantining All Traces: reliablestats cookie
22:45:   Quarantining All Traces: reunion cookie
22:45:   Quarantining All Traces: screensavers.com cookie
22:45:   Quarantining All Traces: sexlist cookie
22:45:   Quarantining All Traces: sextracker cookie
22:45:   Quarantining All Traces: specificclick.com cookie
22:45:   Quarantining All Traces: spywarestormer cookie
22:45:   Quarantining All Traces: touchclarity cookie
22:45:   Quarantining All Traces: xxx69 cookie
22:45:   Quarantining All Traces: yieldmanager cookie
22:47: Removal process completed.  Elapsed time 00:01:53
********
22:17: |       Start of Session, 07 February 2006       |
22:17: Spy Sweeper started
22:17: Sweep initiated using definitions version 611
22:17: Starting Memory Sweep
22:18:   Sweep Canceled
22:18: Memory Sweep Complete, Elapsed Time: 00:00:18
22:18: Traces Found: 0
22:20: |       End of Session, 07 February 2006       |
********
22:12: |       Start of Session, 07 February 2006       |
22:12: Spy Sweeper started
22:13: Your spyware definitions have been updated.
22:17: |       End of Session, 07 February 2006       |
 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 2-7-2006 11:59 (GMT +1)
This is the HJT log after I "fixed" the 04-HKCU\...\RUN file.
Logfile of HijackThis v1.99.1
Scan saved at 22:54:44, on 07/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Yes, you were correct in the assumption that I am not familiar with editing the registry.

This is the most complex thing I have ever attempted on the computer.
 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 2-8-2006 12:11 (GMT +1)
On the last HJT log, I discovered that the following file was still logged after I "FIXED" it as requested, so I fixed it again.

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

I have just checked the ADD/REMOVE program and The Best Offer has been removed. Do you think we have got rid of it?
 

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
   Posted 2-8-2006 2:08 (GMT +1)
If it isn't there, it is gone. Check the Program Files folder.
 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 2-8-2006 6:39 (GMT +1)
Hi and thanks once again. I have built up quite a library of programs fighting these problems. Are there any I should consider keeping?
ewido anti-malware and set-up
Nailfix
Rnav2003
rnav_log
HJT
SYMMSICLE...
Cleanup40
HJTsetup
AVGFree
Ad-Aware SE Personal
smitrem
Spywareblaster
Nailfix
KilBox
smitRem
 
Am I at a stage where I make a system restore point?
 

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
   Posted 2-8-2006 10:15 (GMT +1)
Only keep the following:

Spywareblaster
Ad-Aware SE Personal
AVGFree
HJT
Cleanup40

There is no use for the rest.
 

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
   Posted 2-8-2006 11:01 (GMT +1)
Turn System Restore Off to flush out those infected restore points, then turn it back On.

To turn off Windows XP System Restore:

Note: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

  • Click Start.
  • Right-click My Computer, and then click Properties.
  • Click the System Restore tab.
  • Select the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
  • Click Apply. The following message appears:
  • As noted in the message, this will delete all existing restore points. Click Yes to do this.
  • Click OK.



To turn On Windows XP System Restore:

  • Click Start.
  • Right-click My Computer, and then click Properties.
  • Click the System Restore tab.
  • Clear the "Turn off System Restore" or "Turn off System Restore on all drives" check box.
  • Click Apply, and then click OK.


System Restore will create regular backups of selected system files and program files.

Create a restore point on your own now that the computer is clean from Malware.
 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 2-9-2006 11:41 (GMT +1)
Here is the latest HJT log.

Can you please advise if I have removed all the unwanted programs.

Logfile of HijackThis v1.99.1
Scan saved at 10:39:46, on 09/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

klas
New Member


Date Joined Jan 2006
Total Posts : 33
 
   Posted 4-2-2006 10:57 (GMT +1)
Hi, I have been having problems these last few days, and my computer keeps crashing or displaying a blue warning screen. I never copied the contents of the warning message. I have tried to do a number of restores but the system won't allow this. Can you help? I have attached the most recent HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 22:54:52, on 02/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert for CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137603012828
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EC9AEC0-09A7-480E-A4B9-9A46BD92DA4E}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


 

JSntgvr
Senior Member


Date Joined Nov 2005
Total Posts : 605
 
   Posted 4-3-2006 12:10 (GMT +1)
There is nothing wrong with your log. Check the Administrative Tools in the Control Panel -> Event Viewer. Double click on System. Are there any errors logged therein? That may give you an idea of what may be wrong.
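Checking whether a "fixed" item is still logged, and what changed between two HijackThis scans, is done by eye in the posts above; the same comparison can be scripted. The following is an added example, not part of any post in this thread: the function names are hypothetical, and the sample input is a trimmed excerpt of three logs posted above (07/02/2006, 09/02/2006 and 02/04/2006).

```python
import re

# Item lines start with a section code (O4, O23, R1, ...) followed by " - ".
ITEM_RE = re.compile(r"^(O\d{1,2}|[RFN]\d)\s+-\s+(.+)$")

# Excerpts of three logs posted in this thread, trimmed to a few lines each.
LOG_FEB7 = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:54:44, on 07/02/2006
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

LOG_FEB9 = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:39:46, on 09/02/2006
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Tray Mapi] C:\DOCUME~1\BIGSTE~1\APPLIC~1\UPSETT~1\Dale Site Option.exe
"""

LOG_APR2 = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:54:52, on 02/04/2006
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# The item reported as still logged after being "fixed".
FIXED_ITEM = r'O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart'


def normalise(line):
    """Collapse runs of whitespace and ignore case, so cosmetic differences
    (such as the doubled space before -osboot in the April log) are not
    reported as changes."""
    return " ".join(line.split()).casefold()


def parse_hjt(text):
    """Map normalised item line -> (section, tidied original line).
    Header lines and the 'Running processes' list do not match and are skipped."""
    items = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line)
        if match:
            items[normalise(line)] = (match.group(1), " ".join(line.split()))
    return items


def diff_logs(old_text, new_text, sections=None):
    """Return (removed, added) item lines between two logs, optionally
    restricted to some sections, e.g. {"O4"} for autostart entries."""
    old, new = parse_hjt(old_text), parse_hjt(new_text)

    def pick(keys, source):
        return sorted(source[k][1] for k in keys
                      if sections is None or source[k][0] in sections)

    return pick(old.keys() - new.keys(), old), pick(new.keys() - old.keys(), new)


def still_logged(item_line, log_text):
    """True if an item that was 'fixed' is still present in a later log."""
    return normalise(item_line) in parse_hjt(log_text)


if __name__ == "__main__":
    for label, old, new in (("07/02 -> 09/02", LOG_FEB7, LOG_FEB9),
                            ("09/02 -> 02/04", LOG_FEB9, LOG_APR2)):
        removed, added = diff_logs(old, new, {"O4"})
        print(label)
        for line in removed:
            print("  - " + line)
        for line in added:
            print("  + " + line)
    print("fixed item in 09/02 log:", still_logged(FIXED_ITEM, LOG_FEB9))
    print("fixed item in 02/04 log:", still_logged(FIXED_ITEM, LOG_APR2))
```

The diff only reports which entries appeared or disappeared between scans; whether a given entry is wanted still has to be judged by whoever reads the log.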