• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
platinum_gold

registry key Trojan.PWS.Tanspy on my pc

2 posts in this topic

According to spy doctor free version i have Trojan.PWS.Tanspy in

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\currentversion\controlpanel\load

 

 

 

 

AVG picked up 2 other trojans which it cleared for me trojan.Pakes.edg and trojan.Agent.qt

 

 

Panda active scan logfile

 

Incident Status Location

 

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Jay\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jay\My Documents\Unzipped\SmitfraudFix\Process.exe

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

Potentially unwanted tool:Application/Processor Not disinfected O:\Downloads\SDFix.exe[sDFix\apps\Process.exe]

Potentially unwanted tool:Application/Processor Not disinfected O:\Downloads\SmitfraudFix.zip[smitfraudFix/Process.exe]

 

 

 

AVG Anti spyware logfile

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 21:17:12 15/05/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{0873BBAA-A75B-4D4F-906F-27CE12FE99B6}\RP83\A0024653.exe/keygen.exe -> Adware.Virtumonde : Ignored.

O:\System Volume Information\_restore{0873BBAA-A75B-4D4F-906F-27CE12FE99B6}\RP83\A0024625.exe/keygen.exe -> Adware.Virtumonde : Ignored.

O:\System Volume Information\_restore{0873BBAA-A75B-4D4F-906F-27CE12FE99B6}\RP86\A0024914.exe/keygen.exe -> Adware.Virtumonde : Ignored.

C:\System Volume Information\_restore{0873BBAA-A75B-4D4F-906F-27CE12FE99B6}\RP86\A0025035.dll -> Trojan.Agent.qt : Ignored.

O:\Soulseek\Download\Unsorted\SONY.SoundForge.8.0b.FULL.Include.Keymaker.PDX.zip/KEYGEN/SONYkeygen.exe -> Trojan.Pakes.edg : Ignored.

O:\System Volume Information\_restore{A3B07286-811B-4CAC-9770-E30C318740C8}\RP163\A0105022.exe -> Trojan.Pakes.edg : Ignored.

 

 

::Report end

 

 

 

 

 

HJT logfile

 

Logfile of HijackThis v1.99.1

Scan saved at 22:51:38, on 15/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Prevx1\PXAgent.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\DeltTray.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Prevx1\PXConsole.exe

C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.navreg.com/index.asp?siteid=8

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"

O4 - HKLM\..\Run: [sBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)

O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Share this post


Link to post
Share on other sites

This thread is closed since I already helped you somewhere else.

 

You have to understand, since you are posting this at several forums that this is really confusing and you are actually wasting our time with this. This because many helpers will now analyze your log while someone is already helping you. This is a waste of our time and because of this, other people who are already waiting a couple of days have to wait longer.

Also, if you receive help from several different helpers - it will be very confusing for you and the helper since instructions may be different and we don't know what steps were performed, so logs won't make sense.

 

Also, if there are any other forums than the ones I spotted where you posted this log, please post a note there that you already received help somewhere else, so other helpers won't waste their valuable time with this.

Thanks.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0