View Full Version : cmdService and secure 32



aridza
2006-05-30, 19:57
Hi,
I'm trying to remove all the spyware/adware that I got a few days ago and can't seem to be able to do it so I need help please.
Spybot detects cmdService but doesn't fix it and my homepage is set on secure32.html.
I have tons of pop ups and my computer is slower than usual (I got it last week).
I got HijackThis and here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 9:27:27 AM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\nkkk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\win32101-194404746.exe
C:\WINDOWS\system32\0mcamcap.exe
C:\WINDOWS\system32\253bddb6.exe
C:\WINDOWS\system32\per.exe
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\system32\2352.exe
C:\PROGRA~1\COMMON~1\FNTS~1\msconfig.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\tt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\OptOut.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\hijackthis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20026\winlogon.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [{03-30-09-9B-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [zntwxtmA] C:\WINDOWS\zntwxtmA.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\nkkk.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [win32101-194404746] C:\WINDOWS\win32101-194404746.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKLM\..\Run: [w7f128d4.dll] RUNDLL32.EXE w7f128d4.dll,I2 0011b64c07f128d4
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwinoqez.exe GID003
O4 - HKLM\..\Run: [253bddb6.exe] C:\WINDOWS\system32\253bddb6.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20026\winlogon.exe
O4 - HKLM\..\Run: [win32hp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [zxc] nmdllw.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [dmzhn.exe] C:\WINDOWS\system32\dmzhn.exe
O4 - HKLM\..\Run: [Software Soft Stop] C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Trust Cleaner] "C:\Program Files\Trust Cleaner\Trust Cleaner.exe"
O4 - HKCU\..\Run: [Tlrp] "C:\PROGRA~1\COMMON~1\FNTS~1\msconfig.exe" -vt yazr
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame6.exe3072.exe
O4 - HKCU\..\Run: [Zebkln] C:\WINDOWS\??curity\r?ndll32.exe
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [253bddb6.exe] C:\Documents and Settings\New User\Local Settings\Application Data\253bddb6.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20026\winlogon.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinoqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\pqdsregm.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144714802454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148173739437
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.149,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E136C1-4909-4510-A207-205FE6B0FCAA}: NameServer = 85.255.116.149,85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.149,85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.149,85.255.112.14
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: Media Center - C:\WINDOWS\system32\gp22l3fo1.dll (file missing)
O20 - Winlogon Notify: s_reg - C:\WINDOWS\SYSTEM32\notifysb.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe


Something seems to have changed my settings, as I get a message saying the task manager has been disabled by your administrator (which I didn't do), so I can't access the task manager, and at startup I get an error message saying it can't load w7f128d4.dll (no clue what that is).

I am not great with computers so please explain to me step by step like I was 4.
Thank you for your help

LonnyRJones
2006-06-01, 18:48
Welcome to the forum

In Windows Control Panel, Add/Remove Programs, uninstall:
Trust Cleaner
anything by Zeno
SurfSideKick 3
Spyware Soft Stop
TSA
anything by OIN

anything that is suspicious

Afterwards restart your PC and post a fresh HijackThis log.
Or if you're comfortable with these instructions, follow them:
http://forums.spybot.info/showthread.php?t=4015

aridza
2006-06-03, 08:37
ok I followed the instruction to remove it from another thread but it didn't work too great for me
My hijack this log is:

Logfile of HijackThis v1.99.1
Scan saved at 10:32:20 PM, on 6/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\syeqpqq.exe
C:\WINDOWS\system32\per.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\0mcamcap.exe
C:\PROGRA~1\COMMON~1\FNTS~1\msconfig.exe
C:\WINDOWS\??curity\r?ndll32.exe
C:\Documents and Settings\New User\Local Settings\Application Data\253bddb6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\winstall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00007.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [zntwxtmA] C:\WINDOWS\zntwxtmA.exe
O4 - HKLM\..\Run: [SysTray] C:\Program Files\syeqpqq.exe
O4 - HKLM\..\Run: [w7f128d4.dll] RUNDLL32.EXE w7f128d4.dll,I2 0011b64c07f128d4
O4 - HKLM\..\Run: [253bddb6.exe] C:\WINDOWS\system32\253bddb6.exe
O4 - HKLM\..\Run: [win32hp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\per.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [zxc] nmdllw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Software Soft Stop] C:\Program Files\Spyware Soft Stop\Spyware Soft Stop.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [JAguAr] bingo9.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Tlrp] "C:\PROGRA~1\COMMON~1\FNTS~1\msconfig.exe" -vt ndrv
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame6.exe3072.exe
O4 - HKCU\..\Run: [Zebkln] C:\WINDOWS\CURITY~1\RNDLL3~1.EXE
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [253bddb6.exe] C:\Documents and Settings\New User\Local Settings\Application Data\253bddb6.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [StartCpl] FLKPT.exe
O4 - HKCU\..\Run: [teqq32] StartCpl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [MSTCPDLL] CToolBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00007.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144714802454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148173739437
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E136C1-4909-4510-A207-205FE6B0FCAA}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECA17660-E38C-4240-AFF7-0E6B7CBB819A}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.149,85.255.112.14
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll
O20 - Winlogon Notify: s_reg - notifysb.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe


I have a few other issues: my computer is pretty slow and I still can't access task manager, it says it was disabled by the administrator.
My wallpaper keeps going off when I first start my computer and the icons on the desktop aren't transparent anymore but they have a black background.
How do I get my computer up and running good again?
I'm gonna try to follow the instructions that you posted and hopefully it will fix it.
I went in my control panel and couldn't see anything that you told me to remove

aridza
2006-06-03, 10:25
ok I followed the instructions from the link that you posted but I still get the http:\secure32.html instead of my homepage (actually I get a message saying that the path for it doesn't exist so my homepage is white)
I don't want to change anything until someone who knows what to do tells me, as I really don't want to mess my computer up more than I've already done.
My anti virus AVG 7 still pops up and tells me I'm infected so I click on heal but they keep coming back it seems.

Here is my new log:
Logfile of HijackThis v1.99.1
Scan saved at 12:23:27 AM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\CURITY~1\RNDLL3~1.EXE
C:\Documents and Settings\New User\Local Settings\Application Data\253bddb6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {43A5C34D-AD51-D58A-13E9-2421DBCCD343} - slamm.dll (file missing)
F2 - REG:system.ini: Shell=explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [zntwxtmA] C:\WINDOWS\zntwxtmA.exe
O4 - HKLM\..\Run: [w7f128d4.dll] RUNDLL32.EXE w7f128d4.dll,I2 0011b64c07f128d4
O4 - HKLM\..\Run: [253bddb6.exe] C:\WINDOWS\system32\253bddb6.exe
O4 - HKLM\..\Run: [win32hp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [zxc] nmdllw.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [JAguAr] bingo9.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Testimonials] Bogobot.exe
O4 - HKLM\..\Run: [AliceSD] TRPT.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Tlrp] "C:\PROGRA~1\COMMON~1\FNTS~1\msconfig.exe" -vt ndrv
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame6.exe3072.exe
O4 - HKCU\..\Run: [Zebkln] C:\WINDOWS\CURITY~1\RNDLL3~1.EXE
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [253bddb6.exe] C:\Documents and Settings\New User\Local Settings\Application Data\253bddb6.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - HKCU\..\Run: [StartCpl] FLKPT.exe
O4 - HKCU\..\Run: [teqq32] StartCpl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [MSTCPDLL] CToolBar.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00007.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [MsNetHelper] MSTCPDLL.exe
O4 - HKCU\..\Run: [Preliminary] panel_its.exe
O4 - HKCU\..\Run: [utsgmon] gabber.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144714802454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148173739437
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E136C1-4909-4510-A207-205FE6B0FCAA}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.132,85.255.112.180
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

LonnyRJones
2006-06-03, 10:47
Start HijackThis and place a check next to these items if there.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {43A5C34D-AD51-D58A-13E9-2421DBCCD343} - slamm.dll (file missing)
F2 - REG:system.ini: Shell=explorer.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [zntwxtmA] C:\WINDOWS\zntwxtmA.exe
O4 - HKLM\..\Run: [w7f128d4.dll] RUNDLL32.EXE w7f128d4.dll,I2 0011b64c07f128d4
O4 - HKLM\..\Run: [253bddb6.exe] C:\WINDOWS\system32\253bddb6.exe
O4 - HKLM\..\Run: [win32hp] C:\WINDOWS\system32\win32hlp.exe
O4 - HKLM\..\Run: [zxc] nmdllw.exe
O4 - HKLM\..\Run: [JAguAr] bingo9.exe
O4 - HKLM\..\Run: [Testimonials] Bogobot.exe
O4 - HKLM\..\Run: [AliceSD] TRPT.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Tlrp] "C:\PROGRA~1\COMMON~1\FNTS~1\msconfig.exe" -vt ndrv
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame6.exe3072.exe
O4 - HKCU\..\Run: [Zebkln] C:\WINDOWS\CURITY~1\RNDLL3~1.EXE
O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe
O4 - HKCU\..\Run: [253bddb6.exe] C:\Documents and Settings\New User\Local Settings\Application Data\253bddb6.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\system32\taskdir.exe
O4 - HKCU\..\Run: [StartCpl] FLKPT.exe
O4 - HKCU\..\Run: [teqq32] StartCpl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [MSTCPDLL] CToolBar.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00007.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [MsNetHelper] MSTCPDLL.exe
O4 - HKCU\..\Run: [Preliminary] panel_its.exe
O4 - HKCU\..\Run: [utsgmon] gabber.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0E136C1-4909-4510-A207-205FE6B0FCAA}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.132,85.255.112.180
O17 - HKLM\System\CS2\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.132,85.255.112.180
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll

Did you install this program? If not, place a check next to these also:
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\KillAndClean\KillAndClean.exe (HKCU)
====================================
Hit "Fix checked" (don't worry about the HijackThis error) and close HijackThis.
Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a new HijackThis log.
Run SmitFraudFix, choose option 1 and post that report, also a BlackLight log.
Post a report from this tool if any FILES show:
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Click the "I accept" button near the bottom of that page.
Download and run BlackLight, click > scan then > next, next again, then exit.
There will be a new txt near BlackLight. Post it please.
Important: If any files show Do not rename them YET.....legitimate files can be listed.
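
A first-pass triage of HijackThis entry lines like the ones fixed above, as an added example that is not part of the original posts and is not HijackThis's or the helper's own logic. The rules, the `TRUSTED_DPF_HOSTS` allowlist and all function names are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from urllib.parse import urlparse

# Sample input: entry lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [MsNetHelper] MSTCPDLL.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Zebkln] C:\WINDOWS\CURITY~1\RNDLL3~1.EXE
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144714802454
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0784AC8-3F64-4DC6-8888-450709B60A8E}: NameServer = 85.255.116.132,85.255.112.180
O20 - AppInit_DLLs: C:\WINDOWS\system32\iexplore.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # "O4 - <body>"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[[^\]]*\] (.+)$")  # registry autorun
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr|cpl|com|bat))(?!\w)', re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")           # e.g. C:\name.exe
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
URL_RE = re.compile(r"(https?://\S+)$")

# Assumption: hosts the reviewer already accepts as ActiveX download sources.
TRUSTED_DPF_HOSTS = {"update.microsoft.com"}


def triage_entry(line):
    """Return (section, reasons) for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    # Any section: the registry entry survives but its target file does not.
    if body.endswith(("(file missing)", "(no file)")):
        reasons.append("orphaned: target file is absent")
    if section == "O4":
        run = RUN_RE.match(body)
        exe = EXE_RE.match(run.group(1)) if run else None
        if exe:
            path = exe.group(1)
            if "\\" not in path:
                reasons.append("autorun command has no directory (search-path lookup)")
            elif DRIVE_ROOT_RE.match(path):
                reasons.append("autorun executable sits in the drive root")
    elif section == "O16":
        url = URL_RE.search(body)
        host = urlparse(url.group(1)).hostname if url else None
        if host and host not in TRUSTED_DPF_HOSTS:
            reasons.append(f"ActiveX control downloaded from unlisted host {host}")
    elif section == "O17":
        ns = NAMESERVER_RE.search(body)
        if ns:
            servers = [s for s in re.split(r"[,\s]+", ns.group(1)) if s]
            reasons.append("static DNS servers to verify: " + ", ".join(servers))
    elif section == "O20":
        if body.startswith("AppInit_DLLs:") and body.partition(":")[2].strip():
            reasons.append("AppInit_DLLs is set: DLL loads into every process using user32.dll")
    return section, reasons


def triage_log(text):
    """Return [(line, reasons)] for every entry that matched at least one rule."""
    flagged = []
    for line in text.splitlines():
        result = triage_entry(line)
        if result and result[1]:
            flagged.append((line.strip(), result[1]))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG):
        print(entry)
        for reason in reasons:
            print("    review:", reason)
```

A flag here means "look at this entry", not "remove it": the rules miss `[Zebkln] C:\WINDOWS\CURITY~1\RNDLL3~1.EXE`, which the helper later had removed, and they would flag `[PCTVOICE] pctspk.exe`, which is still present in the final log the helper judged OK.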

aridza
2006-06-03, 11:21
here's my hijackthis report:
Logfile of HijackThis v1.99.1
Scan saved at 1:17:32 AM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\CURITY~1\RNDLL3~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hijackthis!\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Zebkln] C:\WINDOWS\CURITY~1\RNDLL3~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144714802454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148173739437
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe


The smitfraudfix report:
SmitFraudFix v2.53

Scan done at 1:19:17.51, Sat 06/03/2006
Run from C:\Documents and Settings\New User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\New User\Application Data

C:\Documents and Settings\New User\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\NEWUSE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Messenger\\howywy.html"
"SubscribedURL"=""
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

aridza
2006-06-03, 11:29
OK, I ran Blacklight and nothing came up, no report, and it said 0 item found (or something like that).
I've noticed my computer is up to speed, fewer pop-ups (but still some), the secure 32 thing is gone, but the task manager is still disabled and my icons are still black (well, their background). Any idea how to fix that too?
BTW, thanks a lot for your help

LonnyRJones
2006-06-03, 15:54
In windows control panel > display, change the theme, click apply then change it back

On line 51 over to the right get enable task manager
http://www.kellys-korner-xp.com/xp_tweaks.htm
download the reg file to the desktop then run it and answer yes to the prompt.

Fix these items with HijackThis
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKCU\..\Run: [Zebkln] C:\WINDOWS\CURITY~1\RNDLL3~1.EXE
===============
Close Hijackthis

Go to Start > Run and paste in the bolded line below
C:\WINDOWS\CURITY~1\
What are the contents?
Do the same with this line
C:\PROGRA~1\COMMON~1\FNTS~1\

aridza
2006-06-03, 18:31
ok I pasted the lines to run and both folders are empty.
I did the display thing and it didn't change anything.
Here's my new log:
Logfile of HijackThis v1.99.1
Scan saved at 8:29:07 AM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144714802454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148173739437
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe


But my task manager works, thanks

LonnyRJones
2006-06-03, 22:05
Run SmitFraudFix, choose the clean option; no need to run it in safe mode this time.

Download Pocket Killbox to the desktop (version 2.0.0.648)
http://www.downloads.subratam.org/KillBox.exe
If you already have Killbox, ensure it is the latest version.
Start Killbox, place a tick next to [x] Delete on reboot, and press the ALL Files button.
Copy this whole list into the Windows clipboard, all the bolded below.

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00007.exe
C:\Documents and Settings\New User\Local Settings\Application Data\253bddb6.exe
C:\WINDOWS\system32\taskdir.exe
C:\WINDOWS\system32\taskdir.dll
C:\WINDOWS\system32\253bddb6.exe
C:\WINDOWS\system32\win32hlp.exe
C:\WINDOWS\zntwxtmA.exe
C:\WINDOWS\system32\0mcamcap.exe
C:\Program Files\syeqpqq.exe
C:\WINDOWS\system32\per.exe
C:\Program Files\ipwins\ipwins.exe
C:\Program Files\nkkk.exe
C:\WINDOWS\win32101-194404746.exe
C:\WINDOWS\system32\tt.exe

Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt to restart the pc.
Run Killbox and copy each line below into it, one line at a time, then click the red X button
C:\WINDOWS\CURITY~1
C:\PROGRA~1\COMMON~1\FNTS~1
C:\Program Files\KillAndClean
C:\Program Files\UnSpyPC
C:\Program Files\SpySheriff
C:\Program Files\ipwins

If this didn't work: "In Windows control panel > display, change the theme, click apply then change it back"
In display > appearance tab, under windows and buttons, change it to something else, click apply, then change it to "windows XP style" and click apply. Hopefully that worked?

aridza
2006-06-04, 00:15
it worked!!
Thank you so much!!!!!!
so here is my new log, hopefully the last one:
Logfile of HijackThis v1.99.1
Scan saved at 2:14:57 PM, on 6/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144714802454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148173739437
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

LonnyRJones
2006-06-04, 00:50
Looks ok

Run Avg, SpyBot then ewido one at a time preferably while the pc is in safe mode.

One more log :) from either of these free online scans
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
when finished click save as text and post that in your reply.
Computer Associates eTrust AV Web Scanner: http://www3.ca.com/virusinfo/virusscan.aspx
Select all drives, scan, try to cure/repair; if it cannot, choose delete! If it cannot delete, tell us the file names and locations.
If there are any problems, post their reports back here.

aridza
2006-06-04, 07:50
here's my report, I guess it's bad:

Scan Statistics:
Total number of scanned objects: 60909
Number of viruses found: 95
Number of infected objects: 344
Number of suspicious objects: 0
Duration of the scan process: 01:44:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\New User\loaded.exe Infected: Trojan-Downloader.Win32.Small.cxg skipped
C:\ebud.exe Infected: Trojan-PSW.Win32.Sinowal.w skipped
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00007.dll Infected: Trojan-PSW.Win32.Sinowal.w skipped
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00008.dll Infected: Trojan-PSW.Win32.Sinowal.i skipped
C:\Program Files\Internet Explorer\lock.exe Infected: Trojan-Downloader.Win32.Delf.ang skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP33\A0012525.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP33\A0012528.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP33\A0012529.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP34\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP34\snapshot\MFEX-2.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP34\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP34\snapshot\MFEX-6.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP34\snapshot\MFEX-7.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP35\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP35\snapshot\MFEX-2.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP35\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP35\snapshot\MFEX-6.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP35\snapshot\MFEX-7.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP36\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP36\snapshot\MFEX-2.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP36\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP36\snapshot\MFEX-6.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP36\snapshot\MFEX-7.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP37\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP37\snapshot\MFEX-2.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP37\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP37\snapshot\MFEX-6.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP37\snapshot\MFEX-7.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP38\A0013016.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP38\A0013017.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP38\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP38\snapshot\MFEX-2.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP38\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP38\snapshot\MFEX-6.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP38\snapshot\MFEX-7.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013046.dll Infected: not-a-virus:AdWare.Win32.RK.e skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013054.exe Infected: Trojan-Downloader.Win32.WarSpy.d skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013055.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013056.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013057.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013058.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013060.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013061.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013062.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013063.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013065.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013066.exe Infected: not-a-virus:AdWare.Win32.RK.f skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013068.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013069.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013070.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013071.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013072.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013075.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013082.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013090.exe Infected: Trojan-PSW.Win32.Sinowal.r skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013091.dll Infected: Trojan-PSW.Win32.Sinowal.r skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013092.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013093.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013094.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013095.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013096.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013097.exe Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013099.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013100.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013102.exe Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013103.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013108.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013109.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013110.exe/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013110.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013111.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013111.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013111.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013112.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013113.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013114.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013116.ocx Infected: not-a-virus:AdWare.Win32.AzSearch.b skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013117.dll Infected: not-a-virus:AdWare.Win32.AzSearch.b skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013120.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013131.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013132.exe Infected: Backdoor.Win32.VB.ary skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013133.exe Infected: Trojan-Downloader.Win32.VB.adw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013134.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.u skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013134.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013134.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013134.exe PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013136.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013137.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013138.exe Infected: Trojan-Downloader.Win32.Adload.bt skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013139.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013140.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013141.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013142.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013145.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013147.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013149.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013152.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013158.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013161.dll Infected: Trojan-PSW.Win32.Sinowal.r skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013162.dll Infected: Trojan-PSW.Win32.Sinowal.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013163.dll Infected: Trojan-PSW.Win32.Sinowal.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013164.dll Infected: Trojan.Win32.Agent.pk skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013170.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013174.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013177.exe Infected: Email-Worm.Win32.Delf.i skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013179.exe Infected: Trojan-Proxy.Win32.Agent.jw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013180.exe Infected: Trojan-Proxy.Win32.Small.em skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013182.exe Infected: not-a-virus:RiskTool.Win32.PsKill.j skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013183.exe Infected: Trojan-Proxy.Win32.Small.bt skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013187.exe Infected: Trojan-Proxy.Win32.Xorpix.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013188.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013189.exe Infected: Trojan-Downloader.Win32.Small.ctk skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013190.exe Infected: Trojan-Downloader.Win32.Small.cug skipped

aridza
2006-06-04, 07:59
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013191.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013192.exe Infected: Trojan-Downloader.Win32.Tiny.cp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013201.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013202.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013204.exe Infected: Email-Worm.Win32.Delf.i skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013207.exe Infected: Trojan-Proxy.Win32.Agent.jw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013209.exe Infected: Trojan-Proxy.Win32.Small.em skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013210.exe Infected: not-a-virus:RiskTool.Win32.PsKill.j skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013211.exe Infected: Trojan-Proxy.Win32.Small.bt skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013213.exe Infected: Trojan-Proxy.Win32.Xorpix.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013214.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013215.exe Infected: Trojan-Downloader.Win32.Small.ctk skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013216.exe Infected: Trojan-Downloader.Win32.Small.cug skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013217.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013218.exe Infected: Trojan-Downloader.Win32.Tiny.cp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\A0013220.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\snapshot\MFEX-2.DAT Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\snapshot\MFEX-6.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP39\snapshot\MFEX-7.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0013222.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0013224.exe Infected: not-a-virus:RiskTool.Win32.PsKill.j skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0013225.exe Infected: Trojan-Proxy.Win32.Small.bt skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0013226.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0013227.exe Infected: Trojan-Downloader.Win32.Delf.ang skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0013228.exe Infected: Trojan-Downloader.Win32.Delf.ang skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0014200.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0015201.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0015203.exe Infected: Email-Worm.Win32.Delf.i skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0015205.exe Infected: Trojan-Proxy.Win32.Agent.jw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016200.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016203.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016205.exe Infected: Email-Worm.Win32.Delf.i skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016207.exe Infected: Trojan-Proxy.Win32.Small.em skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016209.exe Infected: Trojan-Proxy.Win32.Xorpix.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016210.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016211.exe Infected: Trojan-Downloader.Win32.Small.ctk skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016212.exe Infected: Trojan-Downloader.Win32.Small.cug skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016213.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016214.exe Infected: not-a-virus:RiskTool.Win32.PsKill.j skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016215.exe Infected: Trojan-Downloader.Win32.Tiny.cp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP40\A0016216.exe Infected: Trojan-Proxy.Win32.Small.bt skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016221.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016231.exe Infected: Trojan-Clicker.Win32.Small.kg skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016233.exe Infected: not-a-virus:AdWare.Win32.Msnagent.b skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016235.exe Infected: not-a-virus:AdWare.Win32.FindSpy.a skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016236.dll Infected: not-a-virus:AdWare.Win32.SBSoft.h skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016250.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016261.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016271.exe Infected: Email-Worm.Win32.Delf.i skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016272.exe Infected: not-a-virus:RiskTool.Win32.PsKill.j skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016274.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016275.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016276.exe Infected: Trojan-Proxy.Win32.Small.em skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016277.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016278.exe Infected: Trojan-Proxy.Win32.Small.bt skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016279.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016280.exe Infected: Trojan-Downloader.Win32.Small.cug skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016281.exe Infected: Trojan-Downloader.Win32.Small.ctk skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016282.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016283.exe Infected: Trojan-Proxy.Win32.Xorpix.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016284.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016287.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016300.exe Infected: Trojan-PSW.Win32.Sinowal.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016305.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016306.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016324.dll Infected: not-a-virus:AdWare.Win32.Ihbo.e skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016325.exe Infected: Trojan-Downloader.Win32.Small.cug skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016326.exe Infected: Trojan-Downloader.Win32.Small.ctk skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016327.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016328.exe Infected: Trojan-Proxy.Win32.Xorpix.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016329.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016331.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016338.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016349.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016366.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016369.exe Infected: not-a-virus:AdWare.Win32.PurityScan.el skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0016379.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017380.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017442.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017448.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017449.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017450.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017451.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017451.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017451.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017451.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017451.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017451.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017454.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017456.exe Infected: Trojan-PSW.Win32.Sinowal.q skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017457.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017458.exe Infected: Trojan-Downloader.Win32.VB.adw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017459.dll Infected: Trojan-Proxy.Win32.Xmiler.b skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017460.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017461.exe Infected: Trojan-Clicker.Win32.Small.kr skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017462.exe Infected: Trojan-Downloader.Win32.Small.ctf skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017463.exe/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017463.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017463.exe PECompact: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017463.exe PecBundle: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017463.exe PE_Patch.PECompact: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017468.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017469.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017470.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017471.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017472.exe Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017473.exe Infected: not-a-virus:AdWare.Win32.Agent.z skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017474.exe Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017475.exe Infected: Trojan.Win32.StartPage.adi skipped

aridza
2006-06-04, 07:59
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017476.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017477.exe Infected: Trojan-PSW.Win32.Sinowal.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017478.exe Infected: not-virus:Hoax.Win32.Renos.dc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017479.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017480.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017481.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017482.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017483.exe Infected: Trojan-Downloader.Win32.Adload.bq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017484.exe Infected: Trojan-Downloader.Win32.Adload.ai skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017486.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017487.exe Infected: Trojan-Proxy.Win32.Agent.jw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017488.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017489.dll Infected: Trojan.Win32.Agent.pk skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017490.dll Infected: Trojan-Proxy.Win32.Xmiler.b skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017491.exe Infected: Trojan.Win32.Dialer.pw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017492.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017495.dll Infected: not-a-virus:AdWare.Win32.SBSoft.h skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017496.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017497.exe Infected: Trojan-Clicker.Win32.Small.kg skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017499.exe Infected: Trojan.Win32.Dialer.pw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017500.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017501.exe Infected: not-a-virus:AdWare.Win32.Msnagent.b skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017502.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017503.dll Infected: Trojan-Downloader.Win32.Agent.afl skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017504.exe Infected: not-a-virus:AdWare.Win32.FindSpy.a skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017505.exe Infected: Trojan-Downloader.Win32.Small.awa skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017506.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017507.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017508.exe Infected: Trojan-Downloader.Win32.Tiny.cp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017509.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017510.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017511.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017512.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017513.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017514.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017515.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017515.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017515.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017515.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017515.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017515.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017516.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017517.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017518.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017519.exe Infected: Trojan-Downloader.Win32.Small.csn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017520.exe Infected: Trojan-Downloader.Win32.Small.cug skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017521.exe Infected: Trojan-Downloader.Win32.Tiny.cp skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017522.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017523.exe/data0006 Infected: not-a-virus:AdWare.Win32.Agent.y skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017523.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017523.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017523.exe PE_Patch.UPX: infected - 1 skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017524.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017525.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017526.dll Infected: not-virus:Hoax.Win32.Renos.dh skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017533.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP41\A0017538.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP43\A0017544.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP43\A0017545.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP43\A0017546.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0017580.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0017905.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0017906.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0017907.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018260.exe Infected: Trojan-Downloader.Win32.Small.cxg skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018261.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018262.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018331.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018384.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018386.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018389.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018425.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018429.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018435.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018437.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018443.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP44\A0018485.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022622.exe Infected: Trojan-Downloader.Win32.Delf.ang skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022623.dll Infected: Trojan-PSW.Win32.Sinowal.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022624.dll Infected: Trojan-PSW.Win32.Sinowal.v skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022636.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022646.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022647.exe Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022652.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022653.exe Infected: not-virus:Hoax.Win32.Renos.dc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022654.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022655.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022667.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022673.exe Infected: Trojan-Clicker.Win32.Small.kr skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022674.exe Infected: not-virus:Hoax.Win32.Renos.cn skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022675.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022676.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022677.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022678.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022679.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022680.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022681.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022682.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022683.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022684.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022685.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022686.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022687.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022688.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022689.exe Infected: Trojan-Downloader.Win32.Delf.zc skipped
C:\System Volume Information\_restore{851CF590-5906-4F21-BAE4-B1D40FBE5578}\RP46\A0022694.exe Infected: Trojan-PSW.Win32.Sinowal.v skipped
C:\TMD-Recruit.4.10C\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped
C:\WINDOWS\system32\1400.exe Infected: Packed.Win32.Tibs skipped
C:\WINDOWS\system32\VSL03.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\WINDOWS\system32\VSL03.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\system32\VSL03.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\VSL05.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\WINDOWS\system32\VSL05.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\WINDOWS\system32\VSL05.exe NSIS: infected - 2 skipped
C:\WINDOWS\ѕеcurity\rυndll32.exe Infected: not-a-virus:AdWare.Win32.PurityScan.em skipped

Scan process completed.

LonnyRJones
2006-06-04, 08:15
Delete these files
C:\Documents and Settings\New User\loaded.exe
C:\ebud.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00007.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00008.dll
C:\Program Files\Internet Explorer\lock.exe
C:\WINDOWS\system32\VSL05.exe
C:\WINDOWS\ѕеcurity\rυndll32.exe (don't try deleting rundll32 at other locations)
C:\WINDOWS\pf78.exe
C:\WINDOWS\system32\1400.exe
C:\WINDOWS\system32\VSL03.exe

Empty the Windows Recycle Bin
Purge System Restore
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then reboot. < Don't skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.


Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

Let us know how your PC is after a few days
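
One way to flag look-alike file names such as the `rυndll32.exe` entry in the delete list above, as an added example that is not part of the original post: it reads scan-log lines and reports path components whose letters come from more than one script. The sample lines, the code points assumed for the look-alike letters, the small look-alike table and the list of protected names are assumptions made for this example.

```python
import re
import unicodedata

# Constructed sample in the scan-log format above. The second path is written
# with escapes so its non-Latin letters are explicit (assumed code points).
SAMPLE_LOG = (
    "C:\\WINDOWS\\system32\\1400.exe Infected: Packed.Win32.Tibs skipped\n"
    "C:\\WINDOWS\\\u0455\u0435curity\\r\u03c5ndll32.exe Infected: "
    "not-a-virus:AdWare.Win32.PurityScan.em skipped\n"
    "C:\\WINDOWS\\system32\\VSL03.exe NSIS: infected - 2 skipped\n"
)

# Illustrative look-alike table, far smaller than the Unicode confusables list.
CONFUSABLE = {"\u0455": "s", "\u0435": "e", "\u03c5": "u", "\u0430": "a",
              "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0456": "i"}
# File names worth protecting; chosen for this example.
PROTECTED = {"rundll32.exe", "svchost.exe", "services.exe", "explorer.exe"}

# The path is everything before the scanner's verdict field.
LINE_RE = re.compile(r"^(?P<path>.+?) (?:Infected:|NSIS:) ")

def scripts(component):
    """Scripts used by the letters of one path component, taken from the
    first word of each character's Unicode name (LATIN, CYRILLIC, GREEK)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in component if ch.isalpha()}

def skeleton(component):
    """Fold known look-alike letters to ASCII and lower-case the result."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in component).lower()

def find_lookalikes(log_text):
    """Return one finding per path component that uses non-Latin letters."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        path = match.group("path")
        for comp in re.split(r"[\\/]", path):
            used = scripts(comp)
            if not used or used == {"LATIN"}:
                continue
            folded = skeleton(comp)
            findings.append({
                "path": path,
                "component": comp,
                "scripts": sorted(used),
                "codepoints": [f"U+{ord(c):04X}" for c in comp if not c.isascii()],
                "imitates": folded if folded in PROTECTED else None,
            })
    return findings
```

Calling `find_lookalikes(SAMPLE_LOG)` returns two findings, one for the folder component and one for the file name that folds to `rundll32.exe`; the genuine `system32` paths produce none.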

tashi
2006-06-09, 17:46
As the problem appears to be resolved this topic will be archived.
If you need it re-opened please send me a pm and provide a link to the thread.

Glad we could help.

aridza
2006-06-12, 20:30
My computer seems to be slower than it should be, mostly for the internet; when I first open IE it takes a long time for the page to load.
I was told to run HouseCall and it cleaned up some, and Spybot didn't detect anything. I tried Ad-Aware but for some reason the program freezes after 2-3 minutes; I've re-installed it but same thing.
I also have a problem with RealPlayer: my movies show upside down and mirrored, and I was told it might be because of hijackers, so I uninstalled RealPlayer.
I had put my security level the highest for the internet but had to turn it down because it wouldn't let me do some things because it blocked all the ActiveX things.
Tell me what you think about this log:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:54 AM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144714802454
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148173739437
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

LonnyRJones
2006-06-12, 21:54
Hi

What type of internet connection is it you have and by whom?
Do you use a router?
Once connected (or the first browser has loaded) there are no problems?

aridza
2006-06-13, 00:18
I have SBC Yahoo DSL without a router.
It seems pretty slow to load the pages, well not too slow but slower than before, and I get lots of unavailable pages within a site (like ads and some buttons); for example in my email page by Yahoo, I get some red crosses in boxes and stuff like that.

Does everything look ok from my log?

LonnyRJones
2006-06-13, 01:34
Perhaps contact Yahoo and check their FAQs

Did you install that hosts file? It can cause ads within email and webpages to not appear; that's a good thing actually.
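
How a blocking hosts file leads to the missing ad boxes described above, as an added example that is not part of the original post: it parses hosts entries and reports which of a page's resources would resolve to a sink address. The hosts excerpt, the URLs and the choice of sink addresses are constructed for this example.

```python
from urllib.parse import urlsplit

# Constructed hosts-file excerpt in the usual "address name [name ...]" format.
SAMPLE_HOSTS = """\
# blocking entries
127.0.0.1  localhost
127.0.0.1  ads.example.net   # inline comment
0.0.0.0    tracker.example.org banners.example.org
"""

# Constructed list of resources a single web page might request.
PAGE_RESOURCES = [
    "http://mail.example.com/inbox",
    "http://ads.example.net/banner.gif",
    "http://BANNERS.example.org/top.js",
    "http://www.ads.example.net/pixel.gif",
    "http://static.example.com/logo.png",
]

# Addresses treated as "goes nowhere" in this example.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Map each host name to its address, ignoring comments and blank lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            # Keep the first mapping seen for a name (assumption of this example).
            table.setdefault(name.lower(), address)
    return table


def blocked_resources(hosts_text, urls):
    """Return the URLs whose host name is pinned to a sink address."""
    table = parse_hosts(hosts_text)
    blocked = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        # Hosts entries match whole names only; subdomains are not covered.
        if host != "localhost" and table.get(host) in SINK_ADDRESSES:
            blocked.append(url)
    return blocked
```

`blocked_resources(SAMPLE_HOSTS, PAGE_RESOURCES)` returns the banner image and the script, while the page itself, the logo and the unlisted `www.ads.example.net` subdomain still load.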

aridza
2006-06-13, 02:16
I installed whatever you told me to, lol.
Well I'm glad to know my computer is clear of all the crap.
I'm gonna see with SBC DSL.
Thanks

LonnyRJones
2006-06-17, 21:00
How's that PC now?

aridza
2006-06-17, 21:23
Well I talked to the DSL people and was told to just clear my cookies and temp files several times a day, it helps a bit but not as much as I would.
It's still kind of slow to initially open IE.

LonnyRJones
2006-06-24, 13:43
I'm not sure what to suggest other than what we have already done.

I'm glad we could help.
Since the problems are solved I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here. They should start a new topic.
If you should need to post another log for the same PC let me or Tashi know.