Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trogan Horse Generic.XDJ Located C:\:EnwzK.exe

Started by bonnie_67 , Nov 27 2006 08:43 PM

  • This topic is locked This topic is locked

#16
bonnie_67
Posted 01 December 2006 - 03:40 PM

bonnie_67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
ok i think i done it right now. i right cliped on the file and clicked on extract all. hope that is the same as unzipping. then i renamed it test.exe not just test like i first did. oops. then i opened it up.

i am saying sorry in advance if i am driving you crazy but i dont mean to :whistling:

here is the log (well i hope it is the right one)

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-02 05:36:39
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[136] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[136] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[136] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[136] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[136] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IncMail.exe[136] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[488] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[512] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Documents and Settings\Bonnie\Desktop\Test\test.exe.exe[616] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Documents and Settings\Bonnie\Desktop\Test\test.exe.exe[616] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Documents and Settings\Bonnie\Desktop\Test\test.exe.exe[616] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Documents and Settings\Bonnie\Desktop\Test\test.exe.exe[616] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Documents and Settings\Bonnie\Desktop\Test\test.exe.exe[616] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Documents and Settings\Bonnie\Desktop\Test\test.exe.exe[616] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[836] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[836] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[836] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[836] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[836] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1504] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1504] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1504] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1504] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\WINDOWS\explorer.exe[1996] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\explorer.exe[1996] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\WINDOWS\explorer.exe[1996] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\WINDOWS\explorer.exe[1996] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\WINDOWS\explorer.exe[1996] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2568] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2568] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2568] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2568] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[2596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[2596] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[2596] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[2596] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[2596] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[2796] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[2796] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[2796] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[2796] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[2796] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\PROGRA~1\INCRED~1\bin\IMApp.exe[2796] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2980] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2980] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2980] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2980] user32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2980] user32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] kernel32.dll!CreateProcessW 7C802332 6 Bytes [ FF, 25, 1E, 00, 12, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] kernel32.dll!CreateProcessA 7C802367 6 Bytes [ FF, 25, 1E, 00, 0E, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!SetWindowsHookExW 77D5E4AF 6 Bytes [ FF, 25, 1E, 00, 0B, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[3224] USER32.dll!SetWindowsHookExA 77D611E9 6 Bytes [ FF, 25, 1E, 00, 05, 5F ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8B1585A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8B1585A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8B1585A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8B1585A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8B1585A] avgtdi.sys

---- EOF - GMER 1.0.12 ----
  • 0

Advertisements

#17
bonnie_67
Posted 01 December 2006 - 08:11 PM

bonnie_67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
hey are you asking me to ignor this post or other people? Have i done something wrong or affended you???
  • 0

#18
logreeval
Posted 01 December 2006 - 11:15 PM

logreeval

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,230 posts
I accidentally posed something here, I didnt mean to post that post, everything is fine, I will post back with instructions a little later, thank you for being patient. :whistling:

logreeval
  • 0

#19
bonnie_67
Posted 01 December 2006 - 11:38 PM

bonnie_67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
hi ran Bitdefender to see if i had any virus and it found one

C:\Program Files\Acceleration Software\Anti-Virus\vir_Zotob.cnr
Infected with: Generic.Qhost.0F155C05

C:\Program Files\Acceleration Software\Anti-Virus\vir_Zotob.cnr
Disinfection failed

C:\Program Files\Acceleration Software\Anti-Virus\vir_Zotob.cnr
Deleted

Time
01:45:34

Files
403792

Folders
7509

Boot Sectors
2

Archives
3808

Packed Files
45629




Results

Identified Viruses
1

Infected Files
1

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
1




Engines Info

Virus Definitions
323946

Engine build
AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes


HIJACKTHIS REPORT


Logfile of HijackThis v1.99.1
Scan saved at 1:36:30 PM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bonnie\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-au\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft....com/activescan (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://lil-mwa.space...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CEACE003-00D1-4AE7-872F-BA6F9B009374}: NameServer = 203.134.64.66,203.134.65.66
O18 - Protocol: bw+0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {84F1CB21-01A0-430B-9B58-B7908682E219} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe


hope im doing good
  • 0

#20
logreeval
Posted 02 December 2006 - 12:42 AM

logreeval

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,230 posts
You are clean bonnie :blink:

There shouldn't be anymore problems, but if there is, let me know :whistling:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.
  • 0

#21
bonnie_67
Posted 02 December 2006 - 09:27 PM

bonnie_67

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
thanks have started downloading the sites you recommended. thanks for your time. Have a merry xmas and a save new year


bonnie
  • 0

#22
OwNt
Posted 07 December 2006 - 09:19 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP