
Hijacker trojans? Help please

shawdy
Joined: 26 Jun 2009 Posts: 4
Post subject: Hijacker trojans? Help please
Hi, every time I click a Google link I get redirected to spam sites, abcjmp, overclick etc.
I posted on another help forum that is a bit slow, and here are the logs so far.
The file "C:\Users\shaun\wxpepoqxxd.exe" I had noticed in a malware/virus scan and was able to remove manually, therefore it shows in the scan as not found.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Driver "AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc" deleted successfully.
Driver "AcronisOSSReinstallSvcAcrSch2Svc" deleted successfully.
Driver "AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc" deleted successfully.
Error: file "C:\Users\shaun\wxpepoqxxd.exe" not found!
Deletion of file "C:\Users\shaun\wxpepoqxxd.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\Windows\system32\wxpepoqxxd.exe" deleted successfully.
File "C:\Windows\system32\hjghj.exe" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S45" deleted successfully.
Completed script processing.
Fri Jun 26, 2009 8:27 am
shawdy
Joined: 26 Jun 2009 Posts: 4
Post subject: hijackthis log
Re: Help! Redirects to Abcjmp.com Overclick etc
by shawdy » Fri Jun 26, 2009 9:28 am
If it is of any importance to your help:
The system has frozen and has been restarted since these last 2 log files.
Also, this trojan keeps being stopped by BitDefender and quarantined, but constantly keeps popping back up.
Trojan.Spy.Zbot.UO C:\Windows\Temp Skynet(random letters).tmp
Also, redoing another SUPERAntiSpyware scan shows Trojan.Agent/Gen-AlerterAlG found 3 times. The scan also found these last night and they were removed, but it looks like they have now reappeared.
Logfile of random's system information tool 1.06 (written by random/random)
Run by shaun at 2009-06-26 08:56:21
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 241 GB (84%) free of 286 GB
Total RAM: 3071 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:37, on 26/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\shaun\Desktop\new antispy\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\shaun.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Acronis OS Selector Reinstall Service AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc (AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc) - Unknown owner - C:\Windows\System32\wxpepoqxxd.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7013 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Malwarebytes' Scheduled Scan for shaun.job
C:\Windows\tasks\Malwarebytes' Scheduled Update for shaun.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll [2009-05-04 398768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-06-24 95536]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-06-24 778240]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-06-24 69632]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-04-09 2595792]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-04-09 909208]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-04-09 136472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2009-01-31 3399727]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-25 1830128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-06-17 414992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 233888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-06-26 08:52:18 ----A---- C:\avenger.txt
2009-06-26 08:07:23 ----D---- C:\Program Files\ESET
2009-06-26 07:36:24 ----A---- C:\Windows\ntbtlog.txt
2009-06-26 07:11:10 ----D---- C:\Avenger
2009-06-26 01:42:09 ----D---- C:\Program Files\trend micro
2009-06-26 01:42:07 ----D---- C:\rsit
2009-06-26 00:30:58 ----D---- C:\Program Files\Alwil Software
2009-06-25 23:11:53 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-06-25 23:11:43 ----D---- C:\Users\shaun\AppData\Roaming\SUPERAntiSpyware.com
2009-06-25 23:11:43 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-25 23:11:05 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-25 20:26:49 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-25 20:26:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-25 20:21:55 ----D---- C:\Users\shaun\AppData\Roaming\PC Tools
2009-06-25 20:21:55 ----D---- C:\Program Files\Spyware Doctor
2009-06-25 20:18:49 ----D---- C:\Windows\Minidump
2009-06-25 16:10:10 ----D---- C:\Program Files\Home Series
2009-06-25 14:33:57 ----D---- C:\ProgramData\GlobalSCAPE
2009-06-25 14:28:50 ----A---- C:\Windows\system32\vncmirror.dll
2009-06-25 14:28:48 ----D---- C:\Program Files\RealVNC
2009-06-25 11:39:54 ----D---- C:\Users\shaun\AppData\Roaming\Thinstall
2009-06-25 11:33:16 ----D---- C:\downloads
2009-06-25 10:58:49 ----D---- C:\Program Files\Multimedia Australia
2009-06-25 10:58:24 ----D---- C:\Windows\Downloaded Installations
2009-06-25 10:48:06 ----D---- C:\Program Files\Web Page Maker V2
2009-06-25 10:38:17 ----D---- C:\ProgramData\Magix
2009-06-25 10:28:19 ----D---- C:\Users\shaun\AppData\Roaming\MAGIX
2009-06-25 10:27:16 ----D---- C:\ProgramData\Xara
2009-06-25 10:27:16 ----D---- C:\Program Files\Xara
2009-06-25 10:07:43 ----D---- C:\Users\shaun\AppData\Roaming\Corel
2009-06-25 10:05:58 ----D---- C:\Program Files\Common Files\Corel
2009-06-25 10:05:50 ----D---- C:\ProgramData\Corel
2009-06-25 10:05:50 ----D---- C:\Program Files\Common Files\Protexis
2009-06-25 10:03:01 ----D---- C:\Program Files\Corel
2009-06-25 01:51:11 ----D---- C:\Users\shaun\AppData\Roaming\Web Page Maker
2009-06-25 01:51:02 ----D---- C:\Program Files\Web Page Maker
2009-06-25 00:49:15 ----AD---- C:\ProgramData\TEMP
2009-06-25 00:20:08 ----D---- C:\Program Files\iMesh Applications
2009-06-25 00:07:41 ----D---- C:\Users\shaun\AppData\Roaming\Free Download Manager
2009-06-25 00:07:28 ----D---- C:\ProgramData\FreeDownloadManager.ORG
2009-06-25 00:07:26 ----D---- C:\Program Files\Free Download Manager
2009-06-25 00:04:01 ----A---- C:\Windows\system32\unrar.dll
2009-06-25 00:03:54 ----D---- C:\Program Files\K-Lite Codec Pack
2009-06-24 23:56:40 ----D---- C:\Users\shaun\AppData\Roaming\GlobalSCAPE
2009-06-24 23:56:21 ----D---- C:\Program Files\GlobalSCAPE
2009-06-24 23:56:20 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-24 23:55:38 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-24 23:43:29 ----D---- C:\Users\shaun\AppData\Roaming\Malwarebytes
2009-06-24 23:43:21 ----D---- C:\ProgramData\Malwarebytes
2009-06-24 23:43:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-24 23:18:39 ----D---- C:\Windows\Panther
2009-06-24 23:18:27 ----RAS---- C:\BOOTSECT.BAK
2009-06-24 23:18:25 ----SHD---- C:\Boot
2009-06-24 19:20:44 ----D---- C:\ProgramData\Acronis
2009-06-24 19:19:44 ----D---- C:\Program Files\Common Files\Acronis
2009-06-24 19:19:44 ----D---- C:\Program Files\Acronis
2009-06-24 18:49:33 ----A---- C:\Windows\system32\un2065.txt
2009-06-24 18:49:32 ----A---- C:\Windows\system32\2065.txt
2009-06-24 18:43:28 ----D---- C:\Users\shaun\AppData\Roaming\BitDefender
2009-06-24 18:43:27 ----D---- C:\Binaries
2009-06-24 18:43:09 ----D---- C:\ProgramData\BitDefender
2009-06-24 18:21:20 ----D---- C:\Windows\system32\appmgmt
2009-06-24 17:34:25 ----D---- C:\Windows\system32\logs
2009-06-24 17:34:19 ----D---- C:\Program Files\Common Files\MSSoap
2009-06-24 17:33:59 ----D---- C:\Program Files\BitDefender
2009-06-24 17:33:02 ----D---- C:\Windows\system32\URTTEMP
2009-06-24 17:32:34 ----D---- C:\Program Files\Common Files\BitDefender
2009-06-24 16:39:05 ----A---- C:\Windows\system32\DreamScene.dll
2009-06-24 16:38:15 ----A---- C:\Windows\system32\iesetup.dll
2009-06-24 16:38:14 ----A---- C:\Windows\system32\wininet.dll
2009-06-24 16:38:14 ----A---- C:\Windows\system32\ieui.dll
2009-06-24 16:38:14 ----A---- C:\Windows\system32\iertutil.dll
2009-06-24 16:38:14 ----A---- C:\Windows\system32\iernonce.dll
2009-06-24 16:38:14 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-24 16:38:13 ----A---- C:\Windows\system32\urlmon.dll
2009-06-24 16:38:13 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-24 16:38:13 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-24 16:38:11 ----A---- C:\Windows\system32\mshtml.dll
2009-06-24 16:38:11 ----A---- C:\Windows\system32\ieframe.dll
2009-06-24 16:37:24 ----A---- C:\Windows\system32\msls31.dll
2009-06-24 16:37:24 ----A---- C:\Windows\system32\mshtmler.dll
2009-06-24 16:37:24 ----A---- C:\Windows\system32\mshtmled.dll
2009-06-24 16:37:24 ----A---- C:\Windows\system32\ieakeng.dll
2009-06-24 16:37:24 ----A---- C:\Windows\system32\icardie.dll
2009-06-24 16:37:24 ----A---- C:\Windows\system32\corpol.dll
2009-06-24 16:37:24 ----A---- C:\Windows\system32\admparse.dll
2009-06-24 16:37:23 ----A---- C:\Windows\system32\occache.dll
2009-06-24 16:37:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-06-24 16:37:23 ----A---- C:\Windows\system32\licmgr10.dll
2009-06-24 16:37:23 ----A---- C:\Windows\system32\inseng.dll
2009-06-24 16:37:23 ----A---- C:\Windows\system32\imgutil.dll
2009-06-24 16:37:23 ----A---- C:\Windows\system32\iepeers.dll
2009-06-24 16:37:23 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-24 16:37:23 ----A---- C:\Windows\system32\dxtrans.dll
2009-06-24 16:37:23 ----A---- C:\Windows\system32\dxtmsft.dll
2009-06-24 16:37:22 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-06-24 16:37:22 ----A---- C:\Windows\system32\wextract.exe
2009-06-24 16:37:22 ----A---- C:\Windows\system32\webcheck.dll
2009-06-24 16:37:22 ----A---- C:\Windows\system32\mstime.dll
2009-06-24 16:37:22 ----A---- C:\Windows\system32\msrating.dll
2009-06-24 16:37:22 ----A---- C:\Windows\system32\msfeedssync.exe
2009-06-24 16:37:22 ----A---- C:\Windows\system32\ieakui.dll
2009-06-24 16:37:21 ----A---- C:\Windows\system32\vbscript.dll
2009-06-24 16:37:21 ----A---- C:\Windows\system32\url.dll
2009-06-24 16:37:21 ----A---- C:\Windows\system32\pngfilt.dll
2009-06-24 16:37:21 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-24 16:37:21 ----A---- C:\Windows\system32\jscript.dll
2009-06-24 16:37:21 ----A---- C:\Windows\system32\ieapfltr.dll
2009-06-24 16:37:21 ----A---- C:\Windows\system32\advpack.dll
2009-06-24 16:37:20 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-06-24 16:37:20 ----A---- C:\Windows\system32\SetDepNx.exe
2009-06-24 16:37:20 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-06-24 16:37:20 ----A---- C:\Windows\system32\PDMSetup.exe
2009-06-24 16:37:20 ----A---- C:\Windows\system32\mshta.exe
2009-06-24 16:37:20 ----A---- C:\Windows\system32\iexpress.exe
2009-06-24 16:37:20 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-24 16:37:20 ----A---- C:\Windows\system32\iesysprep.dll
2009-06-24 15:54:29 ----D---- C:\Program Files\PROnetworks
2009-06-24 15:54:08 ----SHD---- C:\Windows\Installer
2009-06-24 15:52:20 ----D---- C:\Users\shaun\AppData\Roaming\WinRAR
2009-06-24 15:52:01 ----D---- C:\Program Files\WinRAR
2009-06-24 14:57:25 ----D---- C:\Users\shaun\AppData\Roaming\Macromedia
2009-06-24 14:57:25 ----D---- C:\Users\shaun\AppData\Roaming\Adobe
2009-06-24 14:57:24 ----D---- C:\Windows\system32\Macromed
2009-06-24 14:32:13 ----D---- C:\Users\shaun\AppData\Roaming\Identities
2009-06-24 14:31:48 ----SD---- C:\Users\shaun\AppData\Roaming\Microsoft
2009-06-24 14:31:48 ----D---- C:\Users\shaun\AppData\Roaming\Media Center Programs
2009-06-24 14:28:55 ----A---- C:\Windows\system32\wups2.dll
2009-06-24 14:28:55 ----A---- C:\Windows\system32\wucltux.dll
2009-06-24 14:28:55 ----A---- C:\Windows\system32\wuaueng.dll
2009-06-24 14:28:55 ----A---- C:\Windows\system32\wuauclt.exe
2009-06-24 14:28:44 ----A---- C:\Windows\system32\wups.dll
2009-06-24 14:28:44 ----A---- C:\Windows\system32\wudriver.dll
2009-06-24 14:28:44 ----A---- C:\Windows\system32\wuapi.dll
2009-06-24 14:28:31 ----A---- C:\Windows\system32\wuwebv.dll
2009-06-24 14:28:31 ----A---- C:\Windows\system32\wuapp.exe
2009-06-24 14:27:38 ----D---- C:\Windows\Debug
2009-06-24 14:22:30 ----D---- C:\Windows\SoftwareDistribution
2009-06-24 14:20:59 ----D---- C:\Windows\CSC
2009-06-24 14:19:20 ----SHD---- C:\System Volume Information
======List of files/folders modified in the last 1 months======
2009-06-26 08:56:33 ----D---- C:\Windows\Prefetch
2009-06-26 08:56:09 ----D---- C:\Windows\Temp
2009-06-26 08:54:51 ----D---- C:\Windows\System32
2009-06-26 08:52:18 ----D---- C:\Windows\system32\drivers
2009-06-26 08:07:24 ----SD---- C:\Windows\Downloaded Program Files
2009-06-26 08:07:23 ----RD---- C:\Program Files
2009-06-26 07:55:44 ----D---- C:\Windows\inf
2009-06-26 07:55:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-26 07:36:24 ----D---- C:\Windows
2009-06-26 00:32:47 ----SD---- C:\ProgramData\Microsoft
2009-06-25 23:11:53 ----HD---- C:\ProgramData
2009-06-25 23:11:05 ----D---- C:\Program Files\Common Files
2009-06-25 14:29:08 ----D---- C:\Windows\system32\catroot
2009-06-25 14:28:18 ----D---- C:\Windows\rescache
2009-06-25 12:44:54 ----D---- C:\Windows\Logs
2009-06-25 10:59:11 ----D---- C:\Program Files\Common Files\microsoft shared
2009-06-25 10:36:35 ----RSD---- C:\Windows\Fonts
2009-06-25 10:28:43 ----D---- C:\Windows\winsxs
2009-06-25 08:42:29 ----D---- C:\Windows\system32\WDI
2009-06-24 23:51:26 ----D---- C:\Windows\Tasks
2009-06-24 23:51:21 ----D---- C:\Windows\system32\Tasks
2009-06-24 22:51:09 ----A---- C:\Windows\system32\txmlutil.dll
2009-06-24 18:41:24 ----D---- C:\Windows\system32\catroot2
2009-06-24 17:42:17 ----D---- C:\Windows\system32\LogFiles
2009-06-24 17:33:40 ----D---- C:\Windows\Registration
2009-06-24 17:33:23 ----RSD---- C:\Windows\assembly
2009-06-24 17:33:02 ----D---- C:\Program Files\Internet Explorer
2009-06-24 17:22:11 ----D---- C:\Windows\system32\NDF
2009-06-24 16:42:37 ----D---- C:\Windows\Web
2009-06-24 16:42:37 ----D---- C:\Windows\system32\migration
2009-06-24 16:42:37 ----D---- C:\Windows\system32\en-US
2009-06-24 16:42:36 ----D---- C:\Windows\PolicyDefinitions
2009-06-24 16:38:59 ----D---- C:\Windows\system32\zh-TW
2009-06-24 16:38:59 ----D---- C:\Windows\system32\zh-CN
2009-06-24 16:38:59 ----D---- C:\Windows\system32\uk-UA
2009-06-24 16:38:59 ----D---- C:\Windows\system32\tr-TR
2009-06-24 16:38:59 ----D---- C:\Windows\system32\th-TH
2009-06-24 16:38:59 ----D---- C:\Windows\system32\sv-SE
2009-06-24 16:38:59 ----D---- C:\Windows\system32\sr-Latn-CS
2009-06-24 16:38:59 ----D---- C:\Windows\system32\sl-SI
2009-06-24 16:38:59 ----D---- C:\Windows\system32\sk-SK
2009-06-24 16:38:59 ----D---- C:\Windows\system32\ru-RU
2009-06-24 16:38:59 ----D---- C:\Windows\system32\ro-RO
2009-06-24 16:38:59 ----D---- C:\Windows\system32\pt-PT
2009-06-24 16:38:59 ----D---- C:\Windows\system32\pt-BR
2009-06-24 16:38:59 ----D---- C:\Windows\system32\pl-PL
2009-06-24 16:38:59 ----D---- C:\Windows\system32\nl-NL
2009-06-24 16:38:59 ----D---- C:\Windows\system32\nb-NO
2009-06-24 16:38:59 ----D---- C:\Windows\system32\lv-LV
2009-06-24 16:38:59 ----D---- C:\Windows\system32\lt-LT
2009-06-24 16:38:59 ----D---- C:\Windows\system32\ko-KR
2009-06-24 16:38:59 ----D---- C:\Windows\system32\ja-JP
2009-06-24 16:38:59 ----D---- C:\Windows\system32\it-IT
2009-06-24 16:38:58 ----D---- C:\Windows\system32\hu-HU
2009-06-24 16:38:58 ----D---- C:\Windows\system32\hr-HR
2009-06-24 16:38:58 ----D---- C:\Windows\system32\he-IL
2009-06-24 16:38:58 ----D---- C:\Windows\system32\fr-FR
2009-06-24 16:38:58 ----D---- C:\Windows\system32\fi-FI
2009-06-24 16:38:58 ----D---- C:\Windows\system32\et-EE
2009-06-24 16:38:58 ----D---- C:\Windows\system32\es-ES
2009-06-24 16:38:58 ----D---- C:\Windows\system32\el-GR
2009-06-24 16:38:58 ----D---- C:\Windows\system32\de-DE
2009-06-24 16:38:58 ----D---- C:\Windows\system32\da-DK
2009-06-24 16:38:58 ----D---- C:\Windows\system32\cs-CZ
2009-06-24 16:38:58 ----D---- C:\Windows\system32\bg-BG
2009-06-24 16:38:58 ----D---- C:\Windows\system32\ar-SA
2009-06-24 16:36:00 ----RSD---- C:\Windows\Media
2009-06-24 16:20:48 ----D---- C:\Windows\system32\oobe
2009-06-24 14:32:38 ----SHD---- C:\$Recycle.Bin
2009-06-24 14:31:42 ----RD---- C:\Users
2009-06-24 14:28:04 ----D---- C:\Windows\system32\restore
2009-06-24 14:23:51 ----D---- C:\Windows\Microsoft.NET
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-06-24 137224]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2009-06-24 82696]
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2009-06-24 44384]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-30 3929600]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2009-06-24 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-06-24 104328]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2009-06-24 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-06-24 8832]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2009-06-17 19096]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
R3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2008-06-12 4608]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 IKFileSec;File Security Driver; C:\Windows\system32\drivers\ikfilesec.sys [2009-06-25 40840]
S3 IKSysFlt;System Filter Driver; C:\Windows\system32\drivers\iksysflt.sys [2009-06-25 66952]
S3 IKSysSec;System Security Driver; C:\Windows\system32\drivers\iksyssec.sys [2009-06-25 81288]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2009-06-24 13056]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2009-06-24 39808]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-04-09 431384]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-08-30 704512]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-06-24 415024]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-06-17 195856]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-06-24 1626112]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-06-12 2159992]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S2 AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc;Acronis OS Selector Reinstall Service AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc; C:\Windows\System32\wxpepoqxxd.exe service []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-21 33800]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-06-25 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-06-25 1079176]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]
-----------------EOF-----------------
Thanks for your quick response.
shawdy
Fri Jun 26, 2009 8:29 am
 |
|
 |
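The service list above is the part of the RSIT log a responder reads first, and the rogue entry stands out for two reasons that are visible in the text itself: its bracketed file date/size is empty (the O23 line later in the thread reports the same binary as "file missing"), and its name is the legitimate Acronis service name pasted end to end. As an added example, not from the thread or from RSIT, the Python below parses lines in RSIT's service format and flags exactly those two signs. The input is a constructed sample made of five lines copied from the log above; the field layout it assumes is the one those lines show.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: five of the RSIT service lines posted in this thread, re-embedded
# as test input. Layout assumed from those lines:
#   <state> <name>;<display name>; <image path> [<date> <size>]
# On this page the bracket is empty for the entry whose binary is reported missing.
SAMPLE_SERVICES = r"""
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-06-17 195856]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S2 AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc;Acronis OS Selector Reinstall Service AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc; C:\Windows\System32\wxpepoqxxd.exe service []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-21 21504]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


def parse_service_line(line: str) -> Optional[Dict[str, str]]:
    """Split one RSIT service line into its fields; return None for non-service lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["meta"] = fields["meta"].strip()
    return fields


def repeated_fragment(name: str, min_len: int = 8) -> Optional[str]:
    """Return a fragment of at least min_len characters that appears twice back to back
    in name, or None. This catches names built by concatenating a real service name."""
    n = len(name)
    for size in range(min_len, n // 2 + 1):
        for start in range(0, n - 2 * size + 1):
            if name[start:start + size] == name[start + size:start + 2 * size]:
                return name[start:start + size]
    return None


def triage_services(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (service name, image path, reasons) for every service line worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service_line(line)
        if svc is None:
            continue
        reasons = []
        if not svc["meta"]:
            reasons.append("no file date/size recorded: image not present on disk")
        frag = repeated_fragment(svc["name"])
        if frag is not None:
            reasons.append(f"name repeats the fragment {frag!r}: looks concatenated from a real name")
        if reasons:
            findings.append((svc["name"], svc["image"], reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in triage_services(SAMPLE_SERVICES):
        print(name)
        print("  image:", image)
        for reason in reasons:
            print("  -", reason)
```

Run against the sample, only the concatenated Acronis entry is reported, with both reasons; the genuine `AcronisOSSReinstallSvc` line and the two `svchost.exe` hosted services pass. Pointing `triage_services` at a full RSIT log is a quick way to shortlist what to look at before touching anything.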
HJT Analyzer
Joined: 15 Mar 2006 Posts: 728
Post subject: My HijackThis log
Hello, visitor!
The Hijack This log analyzer has analyzed your log. Please take a closer look at the results.
Your system seems to be infected with malicious parasites. Please follow the steps below in order to eliminate the infection and clean up your computer.
1. Download the Pocket KillBox utility. You will need it later to delete parasite-related files and folders.
2. Use HijackThis to fix the following entries:
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O13 - Gopher Prefix:
3. The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Acronis OS Selector Reinstall Service AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc (AcronisOSSReinstallSvcAcronisOSSReinstallSvcAcronisOSSReinstallSvcAcrSch2Svc) - Unknown owner - C:\Windows\System32\wxpepoqxxd.exe (file missing)
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-06-24 137224]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-30 3929600]
R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2009-06-24 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2009-06-24 104328]
R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2009-06-24 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-06-24 8832]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2009-06-17 19096]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
R3 vncmirror;vncmirror; C:\Windows\system32\DRIVERS\vncmirror.sys [2008-06-12 4608]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
4. Now restart your system in Safe Mode. This step is very important!
5. Use the Pocket KillBox utility to delete the following files:
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
The following files and Windows registry entries are marked as "unknown". Currently, the HijackThis Log Analyzer cannot provide required information on these items. The files and entries in the list below can be both malicious and fully legitimate. Because of this, please do not take any action! Wait for the forum responders or other forum users to provide you with necessary details and further instructions.
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Users\shaun\Desktop\new antispy\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\shaun.exe
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
After going through all the steps, run another HijackThis scan and post a fresh log to the HijackThis analyzer. It is possible that some parasites your system was infected with were not removed completely and may restore themselves later.
If you want to see more detailed analysis of your log, click here.
Thank you for using the 2-Spyware.com HijackThis log analyzer!
Fri Jun 26, 2009 8:30 am
giedmaja
Joined: 22 Jan 2006 Posts: 10 Location: Kaunas
Post subject:
Hello,
If the problems continue,
1. Check if your internet connection is proxied (check in Tools -> Options -> Connection -> LAN settings or similar).
2. Check your windows/system32/drivers/etc/hosts file.
3. Try scanning with better anti-spyware (like Spyware Doctor) or anti-virus software. Although BitDefender is good, I would recommend NOD32. Here is a review: http://www.2-viruses.com/eset-nod32-antivirus. There is no 100% anti-spyware or anti-virus.
Fri Jun 26, 2009 11:20 am
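The first two checks giedmaja lists (proxy settings and the hosts file) are the ones a search-redirect complaint should start with, because either one reroutes browser traffic without any visible process. As an added example, not from the thread, the Python below does both checks over constructed input: the hosts text contains the `::1 localhost` line HijackThis reported as O1 above plus made-up hijack entries, and the proxy values mirror the `ProxyEnable`, `ProxyServer` and `AutoConfigURL` values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings`, which is the registry store behind the LAN settings dialog giedmaja refers to. `read_internet_settings` reads the live values with `winreg` when run on Windows; the hostnames and addresses in the samples are invented for illustration.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample hosts file. "::1 localhost" is the entry HijackThis reported as O1 in
# this thread; the other non-default lines are made up to show what a redirect hijack looks like.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com     # constructed: search engine pinned to a foreign IP
0.0.0.0         liveupdate.vendor.example     # constructed: security vendor blackholed
"""

# Constructed sample of the values that back IE's LAN settings dialog, stored under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
SAMPLE_PROXY_SETTINGS = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:5555", "AutoConfigURL": ""}

# Names a stock Windows hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, one per hostname, ignoring comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip whole-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue
        for host in fields[1:]:
            pairs.append((fields[0], host.lower()))
    return pairs


def suspicious_hosts_entries(text: str) -> List[Tuple[str, str, str]]:
    """Flag every mapping that is not a stock localhost line: loopback or 0.0.0.0 means the
    name is blackholed, anything else means DNS is bypassed for that name."""
    findings = []
    for addr_text, host in parse_hosts(text):
        if host in DEFAULT_NAMES:
            continue
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((addr_text, host, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((addr_text, host, "blackholed (points at this machine)"))
        else:
            findings.append((addr_text, host, "redirected (DNS bypassed for this name)"))
    return findings


def proxy_findings(settings: Dict[str, object]) -> List[str]:
    """Report a manual proxy or a PAC script; either can silently reroute every browser request."""
    out = []
    if settings.get("ProxyEnable") == 1 and settings.get("ProxyServer"):
        out.append(f"manual proxy enabled: {settings['ProxyServer']}")
    if settings.get("AutoConfigURL"):
        out.append(f"proxy auto-config script set: {settings['AutoConfigURL']}")
    return out


def read_internet_settings() -> Optional[Dict[str, object]]:
    """Read the live values on Windows; returns None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    path = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    values: Dict[str, object] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass   # value not set for this user
    return values


if __name__ == "__main__":
    for addr_text, host, why in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"hosts: {host} -> {addr_text}: {why}")
    live = read_internet_settings()
    for msg in proxy_findings(live if live is not None else SAMPLE_PROXY_SETTINGS):
        print("proxy:", msg)
```

To check a real machine, read `C:\Windows\System32\drivers\etc\hosts` into `suspicious_hosts_entries` and pass the dictionary from `read_internet_settings` to `proxy_findings`. A stock hosts file produces no findings; a single non-default line, or a proxy the user never configured, is the kind of thing that explains "every Google link goes somewhere else" while on-demand scanners report nothing.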
shawdy
Joined: 26 Jun 2009 Posts: 4
Post subject: remove
Are these 2 not important?
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O13 - Gopher Prefix:
I have already used Spyware Doctor with definitions up to date, but it finds nothing.
Fri Jun 26, 2009 11:59 am
rodi Site Admin
Joined: 23 Jun 2009 Posts: 128
Post subject:
These files are important, don't delete them. It's a bit strange that Spyware Doctor didn't find anything. Does your PC work better now?
Sat Jun 27, 2009 11:14 am
shawdy
Joined: 26 Jun 2009 Posts: 4
Post subject: working
I tried to do a system restore but it kept saying it couldn't. Somehow my NTFS disk had changed to RAW so it wouldn't do it or chkdsk it. Can malware change your drive to RAW? I've never come across that before.
Anyway, I found an old disc image (Acronis) on another comp so restored it from there, although I would have liked to get rid of the malware on the current setup as it was all a new install of Vista Ult; I must have picked up something attached to an app I'd installed.
I have gone over the PC with Spyware Doctor, Spybot S&D, and BitDefender. Spyware Doc found nothing.
I've googled the abcjmp redirect and there's lots of others that can't find anything using Spyware Doc and other stuff. It's been a complete pain; I've been getting the PC set up all week after a new install, just getting it running, then Bam!! back to square one.
thanks for your help
Sat Jun 27, 2009 12:04 pm