
"Warning! Potential Spyware Operation" spyware

Discussion in 'Virus & Other Malware Removal' started by DaniloFab, Nov 1, 2007.

Thread Status:
Not open for further replies.
  1. DaniloFab (Thread Starter)

    Joined: Oct 31, 2007
    Messages: 2
    A box with the error "Warning! Potential Spyware Operation" and a yes-or-no option to take me to an infected website pops up every 5 min. It has also blocked my desktop background, my control panel and my task manager. Here goes my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:05:48, on 1/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\proper.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
    C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
    C:\Arquivos de programas\Launch Manager\QtZgAcer.EXE
    C:\Arquivos de programas\Java\j2re1.4.2_01\bin\jusched.exe
    C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe
    C:\Arquivos de programas\QuickTime\qttask.exe
    C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
    C:\ARQUIV~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
    C:\Arquivos de programas\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Arquivos de programas\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Arquivos de programas\Palm\HOTSYNC.EXE
    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Arquivos de programas\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\Arquivos de programas\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Arquivos de programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Gerenciador do HotSync.lnk = C:\Arquivos de programas\Palm\HOTSYNC.EXE
    O4 - Startup: infos.exe
    O4 - Global Startup: autos.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Lembrete de Pagamentos.lnk = C:\QUICKENW\billmind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Google Search - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Arquivos de programas\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\j2re1.4.2_01\bin\npjpi142_01.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192917694637
    O20 - AppInit_DLLs: skuns.dat
    O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
    O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\Security Center\SymWSC.exe
     
  2. DaniloFab (Thread Starter)

    Joined: Oct 31, 2007
    Messages: 2
    I ran the Smitfraudfix and also the Fdfix. Neither of them helped.
     

Short URL to this thread: https://techguy.org/646513
