Some Spyware Left.
Showing nothing nasty on all spyware and antivirus software except Spyware Doctor, which has the following entries: TAPICFG.EXE, which is a cool web search thingy. I can't find the entry to delete it. The other one is Altnet Software, which SD says is bundled with Kazaa. I seem to still get redirects to porn sites so it must be one of these two.
HijackThis and StartDreck logs:
Logfile of HijackThis v1.97.7
Scan saved at 07:57:13, on 29/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Smart Protector Pro\SmartProtectorPro.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Documents and Settings\Paul\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.128.4:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Paul\Application Data\Mozilla\Profiles\default\wz9whpl0.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Visioneer OneTouch\OneTouchMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Smart Protector Pro\SmartProtectorPro.exe" /stealt
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: KYESCAN.lnk = C:\Program Files\ScannerU\KYESCAN.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .midi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://www.justchat.co.uk
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
StartDreck (build 2.1.5 public BETA) - 2004-10-29 @ 07:59:57
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
»Registry
»Run Keys
»Current User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\ctfmon.exe
*Yahoo! Pager=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*SPSTEALT="C:\Program Files\Smart Protector Pro\SmartProtectorPro.exe" /stealt
*Window Washer=C:\Program Files\Webroot\Washer\wwDisp.exe
»RunOnce
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
»RunOnce
»Local Machine
»Run
*HTpatch=C:\WINDOWS\htpatch.exe
*SiSUSBRG=C:\WINDOWS\SiSUSBrg.exe
*OneTouch Monitor="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe"
*SoundMan=SOUNDMAN.EXE
*Synchronization Manager=%SystemRoot%\system32\mobsync.exe /logon
*WinampAgent="C:\Program Files\Winamp\Winampa.exe"
*msnappau="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
*AVG_CC=C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
*Zone Labs Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
*00000004=<unkown>
*00000170=\SystemRoot\System32\smss.exe
*0000024C=<unkown>
*00000264=\??\C:\WINDOWS\system32\winlogon.exe
*00000290=C:\WINDOWS\system32\services.exe
*0000029C=C:\WINDOWS\system32\lsass.exe
*00000348=C:\WINDOWS\system32\svchost.exe
*0000039C=C:\WINDOWS\System32\svchost.exe
*0000046C=<unkown>
*00000498=<unkown>
*0000052C=C:\WINDOWS\system32\spoolsv.exe
*0000068C=C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
*000006E0=C:\WINDOWS\System32\svchost.exe
*00000704=C:\WINDOWS\system32\ZoneLabs\vsmon.exe
*00000728=C:\WINDOWS\htpatch.exe
*00000754=C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
*00000764=C:\WINDOWS\SOUNDMAN.EXE
*00000794=C:\Program Files\Winamp\Winampa.exe
*000007A0=C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
*000007CC=C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
*000007E8=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
*000007FC=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
*0000007C=C:\WINDOWS\System32\ctfmon.exe
*0000009C=C:\Program Files\Messenger\msmsgs.exe
*000000A8=C:\Program Files\Smart Protector Pro\SmartProtectorPro.exe
*000000B4=C:\Program Files\Webroot\Washer\wwDisp.exe
*000005DC=C:\WINDOWS\System32\wuauclt.exe
*00000F84=C:\WINDOWS\explorer.exe
*00000B2C=C:\Program Files\Spyware Doctor\spydoctor.exe
*00000BDC=C:\Documents and Settings\Paul\My Documents\SD\StartDreck.exe
»Application specific