#1 |
|
Junior Member
Join Date: Jan 2006
Location: Halifax, Nova Scotia, Canada
Posts: 3
|
I may have been able to remove vcodec and Spyware strike by myself using hints and info from earlier posts in this forum. I have removed (several times) files windows\system32\mscornet.exe, windows\system32\ncompat.tlb, windows\system32\*.tmp, windows\system32\<some sort of icon (ico) file>, c:\documents and settings\alan\local settings\temp\2a.exe, directory c:\program files\spyware strike, and I have changed my home page to blank in Internet Explorer. I used the Internet Options item in Control Panel because it seems the trojan reloaded itself each time I started IE. I don't recall if I had my DSL modem on or off when I did this but it might have been off. I recall looking for file videocodec3_05b.exe but I don't remember if I found it or not. For some of this I had to use safe mode. I run XP Home SP2. I also made sure that web addresses ysbweb<dot>com, systemwarning<dot>com were in the IE bad pages list and the Spybot bad pages list. I got this because I recently re-installed Windows due to other problems and neglected to get all my antispyware set up again. I ran, as suggested, Bit Defender Virus Scan which most recently found no problem. I also ran AVG and Spybot S&D which last time reported no problems. From somewhere I saw a suggestion to run SpySweeper which reported my internet monitoring software I Protect You as a problem. This is a program I use to protect my 10 and 11 year old children from Internet hazards. Somehow I have made it disappear from my account (although parts seem still installed and running) although it still runs in the children's accounts. When I look at the directory many files are missing, including the .exe file but it still runs for them. This program requires payment and on-line activation which I may now have lost. I will be emailing the IProtectYou people to let them know of what SpySweeper says. I am writing all this to say how I may have been successful to others, to warn IProtectYou subscribers of a potential hazard, and to ask if the HijackThis listing below shows I need any more work. Thanks for the help I have already received.
Alan

Logfile of HijackThis v1.99.1
Scan saved at 12:01:42 PM, on 07/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\iPYSvc.exe
C:\WINDOWS\system32\iPYSvr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ipycp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zinio\ZinioDeliveryManager.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\AntiSpyWare\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ipyrun] ipycp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Sympatico.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: &Use webcow on this Page - C:\DOCUME~1\Alan\LOCALS~1\Temp\Temporary Directory 2 for webcow.zip\wcie.iemenu.htm
O8 - Extra context menu item: Add to Local Website Archive - C:\Program Files\Local Website Archive\iearc.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Use webcow on this &Selection - C:\DOCUME~1\Alan\LOCALS~1\Temp\Temporary Directory 2 for webcow.zip\wcie.iemenu2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: LWA - Load - {4E65FB00-C639-461A-851B-1F4D7C436A83} - C:\Program Files\Local Website Archive\wsarc.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: LWA - Add - {D32FC7EB-0271-4541-BDD8-AA500764942E} - C:\Program Files\Local Website Archive\wsarc_add.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {D292C7AA-FD03-4DC3-8223-4C243C8A2038} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {D292C7AA-FD03-4DC3-8223-4C243C8A2038} - C:\Program Files\Local Website Archive\wsarc_add.exe (HKCU)
O10 - Broken Internet access because of LSP provider 'ipysp.dll' missing
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1132672944343
O17 - HKLM\System\CCS\Services\Tcpip\..\{C872C543-2BBF-4786-A4ED-D091E3B40BC9}: NameServer = 142.177.1.2 142.177.129.11
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPYSvc - Unknown owner - C:\WINDOWS\system32\iPYSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
|
|
|
#2 |
|
Junior Member
Join Date: Jan 2006
Location: Halifax, Nova Scotia, Canada
Posts: 3
|
I was hopeful I had it all removed but I still get a popup from the XP toolbar in the lower right of the screen (can't recall the name of that area). The popup won't go away and says "System Instrusion Detected!" etc. etc. Yeah "Instrusion".
Thank you. :( |
|
|
|
|
#3 |
|
Junior Member
Join Date: Jan 2006
Location: Halifax, Nova Scotia, Canada
Posts: 3
|
I tried again, following the steps in Corrine's sticky at thread 1316. I didn't try this at first because my problem called itself Spyware Strike not any of the names Corrine listed. I guess it is a new version of an old problem.
So far, so good. I will start a new thread if I need to. |
|
|
|
|
#4 |
|
Visiting Staff
Join Date: Oct 2005
Posts: 5,089
|
Hi Engineeral
Don't start a new thread, use this one please. Can we see a fresh hijackthis log? |
|
|
|
|
#5 |
|
Member of Team Spybot
Join Date: Oct 2005
Location: USA
Posts: 23,455
Rated LASSHes: 16
|
Hello, this topic will now be archived.
I hope you will return if you have not resolved the problem. If you need the topic re-opened please pm me or one of the forum mods.
__________________
UNITE-ASAP Microsoft MVP. Consumer Security 2006-2010 Please help us improve Spybot, download our distributed testing client |