
I Think I'm Infected With Spyware/trojan


6 replies to this topic

#1 Dinamit04 (Members, 19 posts)

Posted 19 November 2006 - 10:25 AM

Hello,
I think I am infected with spyware and would really appreciate it if someone could help me. I use Ad-Aware, Spybot, and BitDefender. Ad-Aware finds some tracking cookies, nothing else. Spybot used to detect a lot, like SmitFraud and others, but now detects only one thing: it detects that the registry value AntiVirusOverride in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center has changed from 0 to 1. I don't know if that is important, but I just wanted you to know. BitDefender shows files infected with a trojan downloader and trojan dialers. Those are:
- Cool.exe, infected with a trojan dialer, in C:\WINDOWS\system32: disinfection failed, moved
- Win2D1.tmp.exe, infected with a trojan downloader, in C:\WINDOWS\Temp: disinfection failed, move failed
- Win321.tmp.exe, infected with a trojan downloader, in C:\WINDOWS\Temp: disinfection failed, move failed
- Win289.tmp.exe, infected with a trojan downloader, in C:\WINDOWS\Temp: disinfection failed, move failed

I also have a tray icon that pops up telling me I may be infected with malicious software; when I click on it, it shows that I have 9 spyware-infected files and tells me to choose the full scan for more info. I don't know how to remove it because the process is explorer.exe, and every time I end the process the desktop goes away and I have to restart my computer.
I have processes called igfxpers.exe, igfxtray.exe and hkcmd.exe, and I don't know what they are.
A pop-up also always appears while I am browsing that tells me I have malicious software. It never came until I got the spyware.
I used to have ishost.exe and istray.exe, but I removed them.
I hope there isn't anything else.

Here is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:35:55 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\Nesma\Nesma.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\RSSoft\RedSwoosh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nesma.net.sa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {2C6D8B32-C71C-51B8-FD21-01C495517149} - C:\WINDOWS\system32\djcdpmh.dll
O2 - BHO: (no name) - {2CA2DDBA-2941-2E71-4F91-067CFB6E8143} - C:\WINDOWS\system32\wprblqh.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6FBB1849-93DE-70B5-CC2E-082F600B872E} - C:\WINDOWS\system32\ljoqyxj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DialerDetect] C:\PROGRA~1\Nesma\Nesma.exe
O4 - HKLM\..\Run: [bpenfcg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\bpenfcg.dll,eakjkud
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmoh.dll,startup
O4 - HKLM\..\Run: [edihfm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\edihfm.dll,hfhxifc
O4 - HKLM\..\Run: [renywmg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\renywmg.dll,iwyiejf
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Iice] "C:\PROGRA~1\WNSXS~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4994FE7F-E56D-43C4-9AA3-B3BF712C5E39}: NameServer = 212.71.32.19 212.71.32.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

I hope someone can help me, i would really appreciate it.
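The HijackThis log above contains the classic pattern of this family: several unnamed BHOs and rundll32 autoruns that load DLLs with meaningless seven-letter names from system32, a Winlogon Notify package whose file is already gone, and a copy of nslookup.exe launched from a directory that is not the Windows directory. The following script is an added example (not code from this thread or from the HijackThis project) that applies those checks to O2, O4 and O20 lines. The sample input is a subset of the posted log, copied verbatim, and the allow-lists of known-good DLLs and system binary names are this example's own assumptions rather than any vendor's signatures.

```python
"""Triage HijackThis O2/O4/O20 lines for the loader patterns seen in the log above.

Added example, not code from the thread. Allow-lists below are assumptions made for
this example (what a practitioner would accept as benign on this particular machine).
"""
import re
from typing import List, Optional, Tuple

# Constructed sample input: lines copied from the posted HijackThis log, plus a few
# benign ones so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C6D8B32-C71C-51B8-FD21-01C495517149} - C:\WINDOWS\system32\djcdpmh.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bpenfcg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\bpenfcg.dll,eakjkud
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvmoh.dll,startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Iice] "C:\PROGRA~1\WNSXS~1\nslookup.exe" -vt yazb
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winhdn32 - winhdn32.dll (file missing)
"""

# Assumed allow-lists for this example. SDHelper.dll is Spybot's own unnamed BHO and
# igfxdev.dll is the Intel graphics Winlogon package; nothing on this box legitimately
# autoruns through rundll32.
KNOWN_GOOD_DLLS = {"acroiehelper.dll", "sdhelper.dll", "ssv.dll", "igfxdev.dll"}
KNOWN_GOOD_RUNDLL_DLLS: set = set()
# Real Windows binaries whose names malware borrows; a genuine copy lives under \WINDOWS.
SYSTEM_BINARY_NAMES = {"nslookup.exe", "svchost.exe", "rundll32.exe",
                       "lsass.exe", "csrss.exe", "explorer.exe"}

PATH_RE = re.compile(r'"?([A-Za-z]:\\[^",]+?\.(?:exe|dll))"?', re.IGNORECASE)
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?([^",]+\.dll)"?,(\S+)', re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage_line(line: str) -> Optional[Tuple[str, str]]:
    """Classify one HijackThis line; return (severity, reason) or None if it looks benign."""
    line = line.strip()
    if not line:
        return None
    # An orphaned registration: the loader is gone but its hook survived.
    if "(file missing)" in line:
        return ("low", "orphaned entry, referenced file no longer on disk")
    if line.startswith("O2 - BHO: (no name)"):
        m = PATH_RE.search(line)
        if m and basename(m.group(1)) not in KNOWN_GOOD_DLLS:
            return ("high", f"unnamed BHO loads {m.group(1)}")
    if line.startswith("O4 "):
        m = RUNDLL_RE.search(line)
        if m:
            dll, export = basename(m.group(1)), m.group(2)
            if dll not in KNOWN_GOOD_RUNDLL_DLLS:
                return ("high", f"rundll32 autorun loads {dll}, export {export}")
        m = PATH_RE.search(line)
        if m:
            path = m.group(1)
            if basename(path) in SYSTEM_BINARY_NAMES and "\\windows\\" not in path.lower():
                return ("high", f"{basename(path)} run from non-system path {path}")
    if line.startswith("O20 - Winlogon Notify:"):
        m = PATH_RE.search(line)
        if m and basename(m.group(1)) not in KNOWN_GOOD_DLLS:
            return ("high", f"Winlogon Notify package loads {m.group(1)}")
    return None


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, original line, reason) for every line that needs a look."""
    findings = []
    for line in log_text.splitlines():
        verdict = triage_line(line)
        if verdict:
            findings.append((verdict[0], line.strip(), verdict[1]))
    return findings


if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print(f"[{sev:4}] {why}\n       {line}")
```

Run against the sample it flags the three rundll32/BHO loaders, the relocated nslookup.exe and the two orphaned entries, and leaves the Intel, Adobe, QuickTime and Spybot lines alone. The allow-lists are the weak point of any such triage: they must be built per machine from what the owner can account for, and an entry that is not on them is a lead to investigate, not a verdict.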

#2 MFDnSC (Ret. Director I/T, Members, 4,310 posts)

Posted 19 November 2006 - 10:58 AM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

(It's a 2 week trial.)

* Click the "Try Spy Sweeper for Free" / "Download the trial" link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Dinamit04 (Topic Starter, Members, 19 posts)

Posted 19 November 2006 - 02:12 PM

Hello, sorry for the late reply. Anyway, I did what you asked me to do and got the following.

Here is the Spy Sweeper Session log file:

9:57 PM: Removal process completed. Elapsed time 00:01:33
9:57 PM: Preparing to restart your computer. Please wait...
9:57 PM: Warning: Launched explorer.exe
9:57 PM: Quarantining All Traces: whenu
9:57 PM: Quarantining All Traces: yadro cookie
9:57 PM: Quarantining All Traces: tacoda cookie
9:57 PM: Quarantining All Traces: reliablestats cookie
9:57 PM: Quarantining All Traces: adjuggler cookie
9:57 PM: Quarantining All Traces: pricegrabber cookie
9:57 PM: Quarantining All Traces: 2o7.net cookie
9:57 PM: Quarantining All Traces: webtrends cookie
9:57 PM: Quarantining All Traces: gamespy cookie
9:57 PM: Quarantining All Traces: wtlive.com cookie
9:57 PM: Quarantining All Traces: burstnet cookie
9:57 PM: Quarantining All Traces: ask cookie
9:57 PM: Quarantining All Traces: about cookie
9:57 PM: Quarantining All Traces: whenu savenow
9:57 PM: C:\WINDOWS\system32\drvmoh.dll is in use. It will be removed on reboot.
9:57 PM: amaena.com fakealert is in use. It will be removed on reboot.
9:57 PM: Quarantining All Traces: amaena.com fakealert
9:57 PM: Quarantining All Traces: Troj/Delf-OE
9:57 PM: Quarantining All Traces: Troj/Nebule-Gen
9:57 PM: Quarantining All Traces: purityscan
9:57 PM: Quarantining All Traces: Troj/Busky-Gen
9:57 PM: Quarantining All Traces: trojan agent winlogonhook
9:56 PM: Removal process initiated
9:55 PM: Traces Found: 41
9:55 PM: Custom Sweep has completed. Elapsed time 01:00:52
9:55 PM: File Sweep Complete, Elapsed Time: 00:57:44
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\f9fee7df.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\ee093181.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\e36a8bcd.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\dd3f1ec1.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\d8dba457.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\cbaa0d8e.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\ba97e870.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\b7b2933b.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\b2d7621c.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\ae89f27e.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\aa46df6e.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\a51b2b31.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\75e73656.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\691545be.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\64e121a0.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\4d78f72b.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\405d0351.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\38d33b79.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\32f0408c.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\2dcb8823.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\283e344a.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\2286f705.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\1cc67add.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\0397e2e3.cab]
9:54 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\programs\nerostartsmart\embrace\cab\03655ce2.cab]
9:53 PM: D:\Programs\Norton AntiVirus 2006\nortonantivirus2006patchghhg.zip (ID = 0)
9:53 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\games\worms 4 mayhem\merged\worms_4_mayhem.rar]
9:51 PM: Warning: AntiVirus engine returned [File Encrypted] on [d:\programs\mcafee antivirus\full version\add-mv07.part1.rar]
9:51 PM: Warning: Stream read error
9:37 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc.zip]
9:37 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\maxfiles.zip]
9:36 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\maxfiles3.zip]
9:36 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterantivirusoverride2.zip]
9:36 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar.zip]
9:36 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\noustechudefender.zip]
9:36 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar19.zip]
9:36 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku5.zip]
9:36 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterupdatedisablenotify.zip]
9:36 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterfirewalldisablenotify.zip]
9:35 PM: Warning: AntiVirus engine returned [File Corrupted] on [c:\program files\team17\worms 4 mayhem\worms_4_mayhem.rar]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterantivirusdisablenotify.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearch4.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\user\local settings\temp\mqch6.tmp\msc\shared\agentins.cab]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\user\local settings\temp\mqch6.tmp\msc\shared\agentcfg.cab]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku4.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku3.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar16.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar15.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar14.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar13.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar12.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar11.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar10.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar9.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar8.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar7.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar6.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar5.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar4.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc4.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc3.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc2.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc1.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\maxfiles2.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar17.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\maxfiles1.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\user\local settings\temp\mskh7.tmp\shared\agentcfg.cab]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\user\local settings\temp\shr_6_0_enus.tmp\shared\shredcfg.cab]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobdownloader2.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobdownloader1.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearch5.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku2.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku1.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\winsoftwarewinantiviruspro.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar2.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearch3.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearch2.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearch1.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobdownloader.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku8.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku7.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku6.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar23.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar1.zip]
9:35 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar3.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearch.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearchdesktoptoolbar2.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearchdesktoptoolbar1.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearchdesktoptoolbar.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearchbrowsertoolbar1.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\whenusearchbrowsertoolbar.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar42.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar41.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar40.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar39.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar38.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar37.zip]
9:34 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar36.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar35.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar34.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterantivirusoverride1.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku11.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar22.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar21.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku10.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar24.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\yazzlesudoku9.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar33.zip]
9:33 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar32.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar31.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar18.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterdisabled.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterfirewalldisablenotify1.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar30.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar29.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar28.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar27.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar20.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc5.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar26.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterantivirusdisablenotify1.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar25.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc7.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc6.zip]
9:32 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterantivirusoverride.zip]
9:31 PM: Warning: Failed to access drive E:
9:31 PM: Warning: AntiVirus engine returned [File Encrypted] on [d:\programs\ad aware se\aawsepersonal.exe]
9:31 PM: D:\Programs\Norton AntiVirus 2006\Norton_Antivirus_2006_by_gHHg.EXE (ID = 0)
9:31 PM: Found Troj/Delf-OE: Troj/Delf-OE
9:30 PM: Warning: AntiVirus engine returned [File Corrupted] on [d:\games\worms 4 mayhem\worms_4_mayhem.rar.aa]
9:29 PM: Warning: AntiVirus engine returned [File Encrypted] on [d:\programs\winzip\winzip81.exe]
9:23 PM: C:\WINDOWS\Temp\win289.tmp.exe (ID = 381038)
9:23 PM: C:\Program Files\Common Files\Yazzle1162OinAdmin.exe (ID = 385231)
9:23 PM: c:\program files\w?nsxs\nslookup.exe (ID = 447)
9:22 PM: C:\WINDOWS\system32\edihfm.dll (ID = 0)
9:22 PM: C:\WINDOWS\system32\drvmoh.dll (ID = 402206)
9:21 PM: C:\Program Files\Softwin\BitDefender8\Quarantine\nslookup.exe (ID = 447)
9:21 PM: C:\Program Files\Softwin\BitDefender8\Quarantine\winhdn32.dll (ID = 0)
9:21 PM: Found Troj/Nebule-Gen: Troj/Nebule-Gen
9:19 PM: C:\WINDOWS\Temp\win321.tmp.exe (ID = 381038)
9:19 PM: Warning: AntiVirus engine returned [File Corrupted] on [c:\documents and settings\user\local settings\temp\httpgf16.tmp]
9:15 PM: Warning: AntiVirus engine returned [File Corrupted] on [c:\documents and settings\user\local settings\temporary internet files\content.ie5\g1aj49ar\win2k_xp1425[1].exe]
9:14 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se personal\skins\ad-aware se default.ask]
9:13 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\user\local settings\temp\mqch6.tmp\msc\agentins.ui]
9:13 PM: Warning: AntiVirus engine returned [File Corrupted] on [c:\windows\help\mui\0401\windows.chm]
9:13 PM: Warning: AntiVirus engine returned [File Corrupted] on [c:\windows\help\mui\0401\windows.hlp]
9:12 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\user\local settings\temp\mskh7.tmp\agentins.ui]
9:12 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\user\local settings\temp\mskh7.tmp\mskins.ui]
9:09 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\documents and settings\user\local settings\temp\shr_6_0_enus.tmp\shrins.ui]
9:09 PM: C:\WINDOWS\Temp\win2D1.tmp.exe (ID = 381038)
9:06 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
9:05 PM: Warning: AntiVirus engine returned [Access Denied] on [c:\pagefile.sys]
9:04 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
9:03 PM: C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe (ID = 385232)
9:02 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
9:01 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
9:01 PM: Warning: AntiVirus engine returned [File Encrypted] on [c:\windows\temp\temporary internet files\content.ie5\wdkllxdi\valert[1].ui]
8:58 PM: Warning: AntiVirus engine returned [File Corrupted] on [c:\windows\mui\fallback\0401\_user2.hdr]
8:57 PM: C:\Program Files\Common Files\WhenU (2 subtraces) (ID = 2147486917)
8:57 PM: Found Adware: whenu
8:57 PM: Starting File Sweep
8:57 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:57 PM: c:\documents and settings\user\cookies\user@yadro[1].txt (ID = 3743)
8:57 PM: Found Spy Cookie: yadro cookie
8:57 PM: c:\documents and settings\user\cookies\user@www.burstnet[1].txt (ID = 2337)
8:57 PM: c:\documents and settings\user\cookies\user@tacoda[2].txt (ID = 6444)
8:57 PM: Found Spy Cookie: tacoda cookie
8:57 PM: c:\documents and settings\user\cookies\user@stats1.reliablestats[1].txt (ID = 3254)
8:57 PM: Found Spy Cookie: reliablestats cookie
8:57 PM: c:\documents and settings\user\cookies\user@rotator.adjuggler[2].txt (ID = 2071)
8:57 PM: Found Spy Cookie: adjuggler cookie
8:57 PM: c:\documents and settings\user\cookies\user@pricegrabber[2].txt (ID = 3185)
8:57 PM: Found Spy Cookie: pricegrabber cookie
8:57 PM: c:\documents and settings\user\cookies\user@msnportal.112.2o7[1].txt (ID = 1958)
8:57 PM: c:\documents and settings\user\cookies\user@maxis.112.2o7[1].txt (ID = 1958)
8:57 PM: Found Spy Cookie: 2o7.net cookie
8:57 PM: c:\documents and settings\user\cookies\user@m.webtrends[1].txt (ID = 3669)
8:57 PM: Found Spy Cookie: webtrends cookie
8:57 PM: c:\documents and settings\user\cookies\user@gamespy[1].txt (ID = 2719)
8:57 PM: Found Spy Cookie: gamespy cookie
8:57 PM: c:\documents and settings\user\cookies\user@dcstest.wtlive[2].txt (ID = 3700)
8:57 PM: Found Spy Cookie: wtlive.com cookie
8:57 PM: c:\documents and settings\user\cookies\user@compnetworking.about[1].txt (ID = 2038)
8:57 PM: c:\documents and settings\user\cookies\user@burstnet[2].txt (ID = 2336)
8:57 PM: Found Spy Cookie: burstnet cookie
8:57 PM: c:\documents and settings\user\cookies\user@ask[1].txt (ID = 2245)
8:57 PM: Found Spy Cookie: ask cookie
8:57 PM: c:\documents and settings\user\cookies\user@about[1].txt (ID = 2037)
8:57 PM: Found Spy Cookie: about cookie
8:57 PM: Starting Cookie Sweep
8:57 PM: Registry Sweep Complete, Elapsed Time:00:00:13
8:57 PM: HKLM\software\microsoft\windows\currentversion\run\ || ctdrive (ID = 1823426)
8:57 PM: HKLM\software\microsoft\windows\currentversion\uninstall\yazzle1162oin\ (ID = 1738184)
8:57 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\winhdn32\ (ID = 1725812)
8:57 PM: HKLM\software\classes\wusn.1\ (ID = 635554)
8:57 PM: HKCR\wusn.1\ (ID = 635412)
8:57 PM: HKCR\wusn.1\ (ID = 140463)
8:57 PM: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
8:57 PM: Found Adware: whenu savenow
8:57 PM: Starting Registry Sweep
8:57 PM: Memory Sweep Complete, Elapsed Time: 00:02:48
8:56 PM: Detected running threat: C:\Program Files\W?nSxS\nslookup.exe (ID = 447)
8:56 PM: Found Adware: purityscan
8:55 PM: Detected running threat: C:\WINDOWS\system32\edihfm.dll (ID = 0)
8:55 PM: Found Troj/Busky-Gen: Troj/Busky-Gen
8:54 PM: Detected running threat: C:\WINDOWS\system32\drvmoh.dll (ID = 402206)
8:54 PM: Found Adware: amaena.com fakealert
8:54 PM: Warning: AntiVirus engine returned [Access Denied] on [blank]
8:54 PM: Starting Memory Sweep
8:54 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\winhdn32\ || dllname (ID = 1735545)
8:54 PM: Found Trojan Horse: trojan agent winlogonhook
8:54 PM: Start Custom Sweep
8:54 PM: Sweep initiated using definitions version 805
8:54 PM: Spy Sweeper 5.2.3.2125 started
8:54 PM: | Start of Session, Sunday, November 19, 2006 |
********
8:54 PM: | End of Session, Sunday, November 19, 2006 |
8:46 PM: Sweep Status: 1 Item Found
8:46 PM: Traces Found: 1
8:46 PM: Sweep Canceled
8:46 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\winhdn32\ || dllname (ID = 1735545)
8:46 PM: Found Trojan Horse: trojan agent winlogonhook
8:46 PM: Start Full Sweep
8:46 PM: Sweep initiated using definitions version 805
8:46 PM: Spy Sweeper 5.2.3.2125 started
8:46 PM: | Start of Session, Sunday, November 19, 2006 |
********
8:46 PM: | End of Session, Sunday, November 19, 2006 |
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
8:37 PM: Shield States
8:36 PM: Spyware Definitions: 790
8:36 PM: Informational: Loaded AntiVirus Engine: 2.39.2; SDK Version: 4.11; Virus Definitions: 11/19/2006 5:04:36 AM (GMT)
8:36 PM: Spy Sweeper 5.2.3.2125 started
8:36 PM: Spy Sweeper 5.2.3.2125 started
8:36 PM: | Start of Session, Sunday, November 19, 2006 |
********


----------------------------------------------------------------------------------------------


Here is the new HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:04:02 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Nesma\Nesma.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nesma.net.sa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {2C6D8B32-C71C-51B8-FD21-01C495517149} - C:\WINDOWS\system32\djcdpmh.dll
O2 - BHO: (no name) - {2CA2DDBA-2941-2E71-4F91-067CFB6E8143} - C:\WINDOWS\system32\wprblqh.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6FBB1849-93DE-70B5-CC2E-082F600B872E} - C:\WINDOWS\system32\ljoqyxj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DialerDetect] C:\PROGRA~1\Nesma\Nesma.exe
O4 - HKLM\..\Run: [bpenfcg.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\bpenfcg.dll,eakjkud
O4 - HKLM\..\Run: [edihfm.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\edihfm.dll,hfhxifc
O4 - HKLM\..\Run: [renywmg.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\renywmg.dll,iwyiejf
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Red Swoosh] "C:\Program Files\RSSoft\RedSwoosh.exe" /S
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Iice] "C:\PROGRA~1\WNSXS~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] "C:\Program Files\IDA\ida.exe" -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4994FE7F-E56D-43C4-9AA3-B3BF712C5E39}: NameServer = 212.71.32.19 212.71.32.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

-------------------------------------------------------------------------------------------------

The security warning that comes at startup and tells me I have 9 infected files doesn't come anymore!!
Thanks for trying to help me with this problem of mine.
Anyway, let me know what to do next.

#4 MFDnSC
Ret. Director I/T
Members, 4,310 posts

Posted 19 November 2006 - 03:51 PM

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O2 - BHO: (no name) - {2C6D8B32-C71C-51B8-FD21-01C495517149} - C:\WINDOWS\system32\djcdpmh.dll

O2 - BHO: (no name) - {2CA2DDBA-2941-2E71-4F91-067CFB6E8143} - C:\WINDOWS\system32\wprblqh.dll

O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - blank (file missing)

O2 - BHO: (no name) - {6FBB1849-93DE-70B5-CC2E-082F600B872E} - C:\WINDOWS\system32\ljoqyxj.dll

O4 - HKLM\..\Run: [bpenfcg.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\bpenfcg.dll,eakjkud

O4 - HKLM\..\Run: [edihfm.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\edihfm.dll,hfhxifc

O4 - HKLM\..\Run: [renywmg.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\renywmg.dll,iwyiejf

O4 - HKCU\..\Run: [Iice] "C:\PROGRA~1\WNSXS~1\nslookup.exe" -vt yazb


Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\djcdpmh.dll
C:\WINDOWS\system32\wprblqh.dll
C:\WINDOWS\system32\ljoqyxj.dll
C:\WINDOWS\system32\bpenfcg.dll
C:\WINDOWS\system32\edihfm.dll
C:\WINDOWS\system32\renywmg.dll
O4 - HKCU\..\Run: [Iice] "C:\PROGRA~1\WNSXS~1

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
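As an added triage example (not part of this thread and not HijackThis's own code), the Python below parses O2 and O4 lines in the HijackThis log format posted above and applies the kind of reasoning behind the entries MFDnSC picked out: unnamed BHOs whose DLL is missing or is a random-named DLL in system32, Run entries that use rundll32.exe to load such a DLL, and a system binary name (nslookup.exe) launched from outside the Windows directory. The sample log is constructed from entries on this page; the name-shape thresholds in looks_random and the MASQUERADE_NAMES list are assumptions chosen for illustration, not a vendor signature.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis v1.99.1 log posted in this thread,
# mixing the entries the helper told the poster to fix with benign ones.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C6D8B32-C71C-51B8-FD21-01C495517149} - C:\WINDOWS\system32\djcdpmh.dll
O2 - BHO: (no name) - {2CA2DDBA-2941-2E71-4F91-067CFB6E8143} - C:\WINDOWS\system32\wprblqh.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6FBB1849-93DE-70B5-CC2E-082F600B872E} - C:\WINDOWS\system32\ljoqyxj.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [bpenfcg.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\bpenfcg.dll,eakjkud
O4 - HKLM\..\Run: [edihfm.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\edihfm.dll,hfhxifc
O4 - HKLM\..\Run: [renywmg.dll] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\renywmg.dll,iwyiejf
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Iice] "C:\PROGRA~1\WNSXS~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# HijackThis line shapes: "O2 - BHO: <name> - {<CLSID>} - <path>" and
# "O4 - HKLM\..\Run: [<value name>] <command line>" (HKCU likewise).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

SYSTEM32 = r"c:\windows\system32"
WINDIR = r"c:\windows"
# Assumed list of system binary names that malware on this page imitated
# (nslookup.exe ran from C:\PROGRA~1\WNSXS~1 instead of system32).
MASQUERADE_NAMES = {"nslookup.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Weak name-shape signal (assumed thresholds): 6-8 lowercase letters with at most
    two vowels, like djcdpmh or renywmg. Only meaningful together with context below."""
    return re.fullmatch(r"[a-z]{6,8}", stem) is not None and sum(c in "aeiou" for c in stem) <= 2


def in_system32(path: str) -> bool:
    return ntpath.dirname(path).lower() == SYSTEM32


def stem(path: str) -> str:
    return ntpath.splitext(ntpath.basename(path))[0]


def split_command(cmd: str):
    """Return (executable path, remaining arguments) from a Run command line,
    honouring a quoted executable path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.index('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(" ", 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def triage(log_text: str) -> list:
    """Flag O2/O4 entries that match the patterns seen in this thread's log."""
    findings = []
    for line in log_text.strip().splitlines():
        m = BHO_RE.match(line)
        if m:
            if m["name"] != "(no name)":
                continue  # named BHOs (Acrobat, Java SSV) are left for manual review
            path = m["path"]
            if "(file missing)" in path:
                findings.append(Finding(line, "unnamed BHO whose DLL is missing (orphaned entry)"))
            elif in_system32(path) and looks_random(stem(path)):
                findings.append(Finding(line, "unnamed BHO loading a random-named DLL from system32"))
            continue
        m = RUN_RE.match(line)
        if m:
            exe, args = split_command(m["cmd"])
            base = ntpath.basename(exe).lower()
            if base == "rundll32.exe":
                # rundll32 takes "<dll>,<export>"; judge the DLL, not the export name
                dll = args.split(",")[0].strip().strip('"')
                if in_system32(dll) and looks_random(stem(dll)):
                    findings.append(Finding(line, "Run entry using rundll32 to load a random-named DLL from system32"))
            elif base in MASQUERADE_NAMES and not ntpath.dirname(exe).lower().startswith(WINDIR):
                findings.append(Finding(line, f"system binary name {base} launched from outside the Windows directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample it reports exactly the eight entries the helper listed and leaves SDHelper.dll, the Java and Acrobat BHOs, and the Intel and ctfmon Run entries alone; on a real log the output is a review list, not a verdict.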

#5 Dinamit04
Topic Starter
Members, 19 posts

Posted 20 November 2006 - 06:58 AM

Here is my new log file of HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 2:46:10 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Nesma\Nesma.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nesma.net.sa:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DialerDetect] C:\PROGRA~1\Nesma\Nesma.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [Red Swoosh] "C:\Program Files\RSSoft\RedSwoosh.exe" /S
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PcSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Internet Download Accelerator] "C:\Program Files\IDA\ida.exe" -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4994FE7F-E56D-43C4-9AA3-B3BF712C5E39}: NameServer = 212.71.32.19 212.71.32.20
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


---------------------------------------------------------------------------------------------


Everything worked GREAT!!!

Take a look and tell me if there is anything still wrong.
But I feel my computer is way faster and all the pop-ups and errors are gone!!

Thanks a lot, everything works fine, but now Spy Sweeper still detects a trojan/Busky-Gen virus.

Edited by Dinamit04, 20 November 2006 - 07:01 AM.


#6 MFDnSC
Ret. Director I/T
Members, 4,310 posts

Posted 20 November 2006 - 11:40 AM

Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Now see if it finds it
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 Dinamit04
Topic Starter
Members, 19 posts

Posted 20 November 2006 - 12:14 PM

THANKS A LOT!!!! Don't know what I would've done without you.



