[Closed] Spyware trojan, help required

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

[Closed] Spyware trojan, help required, Have a virus/spyware and cant remove

Options

rpoon View Member Profile	Jun 6 2008, 08:27 AM Post #1
New Member Group: New Member Posts: 2 Joined: 6-June 08 Member No.: 79,487 Operating System: windows xp	Hello, I would be extreamly grateful if somebody could help me. I have the red screen on my computer desckktop ...windows xp saying that I am being attcaked by an anonymous spyware program . spybot will not open nor will combofix. when i do a deep scan on ad aware and spyware terminator it gets to a certain point where it shutdowns the system and goes to the blue screen of death. My system is slow. I cant enter certain web sites when i click on search links in google it goes to other search engine pages i get pop ups firefox doesnt work I cant download ceratin programs such as \internet explorer/ microsoft spyware remover. Please find below my hijacker log Logfile of HijackThis v1.99.1 Scan saved at 14:54:09, on 06/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\bluecoat software\program\bcserver.exe c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\progra~1\mcafee\mcafee antispyware\massrv.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trigold\Update\TRUService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\progra~1\mcafee\MCAFEE~1\masalert.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\acer\epm\epm-dm.exe C:\WINDOWS\system32\rundll32.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Sharp\Sharpdesk\SharpTray.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Registry Mighty\RegistryMighty.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe c:\program files\mcafee.com\agent\mcagent.exe C:\Program Files\acer\eRecovery\Monitor.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Ryan\Start Menu\Programs\Desktop\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:/windows/homepage.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.;127.0.0.;192.168.0.* R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file) O2 - BHO: {382f9a50-663d-353a-ef14-7270617424c1} - {1c424716-0727-41fe-a353-d36605a9f283} - C:\WINDOWS\system32\ivpdoeyf.dll O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" /n O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe" O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\hcrtttgb.dll",b O4 - HKLM\..\Run: [RegistryMighty.exe] C:\Program Files\Registry Mighty\RegistryMighty.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\qvuvqsak.dll",s O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0089F6EE-ED54-11D5-B0E7-00508B014C1D} (ExWebClientUtils Class) - https://exweb.exchange.uk.com/clientbinaries/texInfo.CAB O16 - DPF: {090EC279-1378-44B7-B521-888980212E7E} (Complist3 Class) - https://exweb.exchange.uk.com/clientbinarie...ebCListCtl3.CAB O16 - DPF: {397F65A6-FD3C-438B-A7EB-3D2C0655189C} (EWGPensions.desInput) - https://exweb.exchange.uk.com/clientbinaries/EWGPensions.CAB O16 - DPF: {8E95B0CA-EB6F-11D3-979B-00508B64538B} (VersionInfo.clsVersionInfo) - https://exweb.exchange.uk.com/clientbinaries/VersionInfo.CAB O16 - DPF: {A74D724A-AB17-11D2-A96A-006097E20477} (eXwebUtils.HTMLUtils) - https://exweb.exchange.uk.com/clientbinaries/eXwebUtils.CAB O16 - DPF: {DDECE2F5-AF1F-44E7-B37F-96B6630F5C60} (PrintComponent.clsVersionInfo) - https://exweb.exchange.uk.com/clientbinaries/printdll.CAB O16 - DPF: {E7FF5332-854E-11D2-A952-006097E20477} (eXwebOccList.clsOccRes) - https://exweb.exchange.uk.com/clientbinaries/eXwebOcc.CAB O16 - DPF: {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} (ProtoView DataTable Control 7.0 (OLEDB)) - https://exweb.exchange.uk.com/clientbinaries/pvdt70.CAB O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = andersonlloyd.local O17 - HKLM\Software\..\Telephony: DomainName = andersonlloyd.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = andersonlloyd.local O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bluecoat Software FinPlan Server (BluecoatService) - Unknown owner - C:\Program Files\bluecoat software\program\bcserver.exe" /Service (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: SQL Server (BLUECOAT) (MSSQL$BLUECOAT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sBLUECOAT (file missing) O23 - Service: SQL Server (INERTIA3_SQL2005) (MSSQL$INERTIA3_SQL2005) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sINERTIA3_SQL2005 (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: Trigold Update Service (TRUService) - Trigold - C:\Program Files\Trigold\Update\TRUService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe I have sensitive information on my computer- Some help to get rid of this would be appreciated. Many thanks R Thankyou for any support

LDTate View Member Profile	Jun 16 2008, 06:00 PM Post #2
Forum God Group: Root Admin Posts: 39,364 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Sorry about the delay in responding If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.

LDTate View Member Profile	Jun 22 2008, 05:04 PM Post #3
Forum God Group: Root Admin Posts: 39,364 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
HijackThis™ Logs and Infections Removal virus/trojan help	2	camaroman1181	18	5 minutes ago Last post by: camaroman1181
HijackThis™ Logs and Infections Removal Trojan Removal	3	elmkd	42	Today, 05:23 PM Last post by: Rorschach112
HijackThis™ Logs and Infections Removal pinpointed deewoo in startup then pc freezes after spyware message 12	15	lilperfect1	231	Today, 02:54 PM Last post by: little eagle
HijackThis™ Logs and Infections Removal Trojan - Odd Pop Ups "ReOpen"	3	T.C.	29	Today, 02:37 PM Last post by: T.C.