CorpTechLLC
I Can't Get Rid Of SpyShredder Virus Or SecurePCCleaner Virus
I need to get the SpyShredder virus and the SecurePCCleaner virus removed from my system. I have run SmitFraud, AVG Anti-Spyware, Spybot S&D, Ad-Aware and Trend Micro RootkitBuster. Below is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:43 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Fipsco Life Portraits\AHL\AHLWebServer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
C:\Program Files\Citrix\GoToAssist\480\g2acomm.exe
C:\Program Files\Citrix\GoToAssist\480\g2alaunchercustomer.exe
C:\Program Files\Citrix\GoToAssist\480\g2auicustomer.exe
C:\Program Files\Citrix\GoToAssist\480\g2asessioncontrol.exe
C:\Program Files\Citrix\GoToAssist\480\g2achat.exe
C:\Program Files\Citrix\GoToAssist\480\g2aremotediagnostics.exe
C:\Program Files\Citrix\GoToAssist\480\g2afiletransfer.exe
C:\Program Files\Citrix\GoToAssist\480\g2ahost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -stayrunning
O4 - HKLM\..\Run: [PSBO Clean] C:\Program Files\KONICA MINOLTA\PageScope Box Operator\PSBO.exe /clean
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [B2BMC_STARTER] "C:\Fipsco Life Portraits\AHL\B2BMC-Starter.exe" CLT=AHL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://lcs.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {E5238271-D692-408F-A625-275DF49EE4E3} (AHLInfoUpdate.Login) - https://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
O16 - DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} (TimeDlgBox Class) - http://localhost:25684/Sessionctl/control/SessionCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06EBD524-EA34-43DB-A6BE-A424C867290D}: NameServer = 12.15.58.11,192.168.0.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{06EBD524-EA34-43DB-A6BE-A424C867290D}: NameServer = 12.15.58.11,192.168.0.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O21 - SSODL: wmpconf - {C2ADE800-2713-478E-933E-8E832286E518} - C:\WINDOWS\wmpconf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12134 bytes
ASKER
The problem was updating my smitfraud. I didn't update it before I ran it. Once I updated it, the virus was blown away. I appreciate the help.
Other options for you:
1. RogueRemover ->> will remove it too
http://www.malwarebytes.org/rogueremover.php
2. SUPERAntispyware (might remove it)
http://www.superantispyware.com/