Black Core Trojan And Other Things

  1. #1
    zombelord (Junior Member)

    Hello all,

    I have a few problems on my PC. One of them is called Black Core by Kill Home Inc.

    SPS&D has found it many times before, and each time I delete it. It always comes back.

    I also have many other things that SPS&D has found, but each time, they keep coming back.

    (From all of the following reports, I did not and won't delete anything just yet. So reports may repeat themselves on different programs. I know that you are supposed to clear your system before posting, but when I clear my system and scan again, these problems don't appear right away. They take about a day or so to come back, and I know they all come back, so I'm saving myself some time and trouble.)

    Here is a list of things that SPS&D has found:

    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Clickbank: Tracking cookie (Firefox: default) (Cookie, nothing done)
    DirectTrack: Tracking cookie (Firefox: default) (Cookie, nothing done)
    ErrorSafe: Tracking cookie (Firefox: default) (Cookie, nothing done)
    ErrorSafe: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, nothing done)
    WarezP2P: Tracking cookie (Firefox: default) (Cookie, nothing done)
    WarezP2P: Tracking cookie (Firefox: default) (Cookie, nothing done)
    WarezP2P: Tracking cookie (Firefox: default) (Cookie, nothing done)
    WarezP2P: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    BlackCore: Tracking cookie (Firefox: default) (Cookie, nothing done)
    DirectTrack: Tracking cookie (Firefox: default) (Cookie, nothing done)
    DirectTrack: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    WarezP2P: Tracking cookie (Firefox: default) (Cookie, nothing done)
    WarezP2P: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Common Dialogs: History (39 files) (Registry key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log

    Log: Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log

    Log: Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log

    Log: Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log

    Log: Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Cookie: Cookie (6) (Cookie, nothing done)


    Cache: Cache (51) (Cache, nothing done)


    Cookie: Cookie (890) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-12-08 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-04-18 advcheck.dll (1.5.1.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-05-23 Includes\Cookies.sbi
    2006-12-08 Includes\Dialer.sbi
    2007-05-23 Includes\DialerC.sbi
    2007-04-04 Includes\Hijackers.sbi
    2007-05-23 Includes\HijackersC.sbi
    2006-10-27 Includes\Keyloggers.sbi
    2007-05-23 Includes\KeyloggersC.sbi
    2004-11-29 Includes\LSP.sbi
    2007-05-16 Includes\Malware.sbi
    2007-05-23 Includes\MalwareC.sbi
    2007-03-21 Includes\PUPS.sbi
    2007-05-23 Includes\PUPSC.sbi
    2007-05-23 Includes\Revision.sbi
    2007-05-24 Includes\Security.sbi
    2007-05-23 Includes\SecurityC.sbi
    2007-05-23 Includes\Spybots.sbi
    2007-05-23 Includes\SpybotsC.sbi
    2005-02-17 Includes\Tracks.uti
    2007-05-16 Includes\Trojans.sbi
    2007-05-23 Includes\TrojansC.sbi

    ---------------------------------------------------------
    That was the complete Report from SPS&D.

    Also, NoAdware sometimes finds 2 more things (Hijackers), but I just scanned my computer, and it didn't find anything.

    Ad-Aware Found Nothing.




    Here is my Hijackthis report:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\IOGEAR\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\NoAdware5.0\NoAdware5.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\Zs\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://flredirect.e-officedirect.com...JonTerp1000779
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166069465312
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3D23450-C3FD-42FB-A59A-72C406A01A88}: NameServer = 85.255.113.91,85.255.112.9
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2891F86-D0F6-4C24-8EFC-A2B550FA9F7E}: NameServer = 85.255.113.91,85.255.112.9
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1727D1-07A3-4290-95BD-F89361B75148}: NameServer = 85.255.113.91,85.255.112.9
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: SASWinLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: hksrv.dll - {DBA2F5A9-F271-4473-8C7C-ACF2356CEC82} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    -----------------------------------------------------------

    I hope this is enough information, or maybe I hope it's not too much.

    If someone could help, I would greatly appreciate it.


  2. #2
    VopThis (Senior Member, Canada)
    Please uninstall the BETA version of HijackThis and install the version as per instructions here:

    http://www.d-a-l.com/help/showthread.php?t=32403




    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe


    Save it to your desktop and run it. Click Next, then Install, make sure ’Run fixit’ is checked and click Finish.
    The fix will begin; follow the prompts.
    You will be asked to reboot your computer; please do so.
    Your system may take longer than usual to load; this is normal.

    Once the desktop loads, post the text that will open (report.txt) and a new Hijackthis log in the forum please.


    POSSIBLE ERROR MSG:
    C:\WINDOWS\system32\AUTOEXEC.NT not there

    You are missing a file which is preventing you from running the wareoutfix tool.

    Go to the link below and select your operating system and click the link on that site and follow instructions for obtaining the missing file and try the wareoutfix tool again please.

    fixautont.html: http://www.tech-forums.net/computer/topic/29806.html


    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3D23450-C3FD-42FB-A59A-72C406A01A88}: NameServer = 85.255.113.91,85.255.112.9
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2891F86-D0F6-4C24-8EFC-A2B550FA9F7E}: NameServer = 85.255.113.91,85.255.112.9
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1727D1-07A3-4290-95BD-F89361B75148}: NameServer = 85.255.113.91,85.255.112.9

    O21 - SSODL: hksrv.dll - {DBA2F5A9-F271-4473-8C7C-ACF2356CEC82} - (no file)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

  3. #3
    zombelord (Junior Member)
    I ran the FixWareOut and re-booted my computer. Here is the report:


    Fixwareout Last edited 5/15/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»»

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    »»»»» Misc files.
    C:\WINDOWS\system32\{12F562B7-C62D-4B53-B560-62526B182C28}.exe Deleted
    C:\WINDOWS\system32\{36346634-0A4B-4443-8BF9-0A30B7A844C0}.exe Deleted
    C:\WINDOWS\system32\{46D6A608-601E-4EE4-B290-381571F6C4F3}.exe Deleted
    C:\WINDOWS\system32\{4F03420C-B34E-4401-BE5D-E4CF08D0A93E}.exe Deleted
    C:\WINDOWS\system32\{9146511A-DFBE-433C-BDF0-57D0387A2DF8}.exe Deleted
    C:\WINDOWS\system32\{9930B21F-4671-4658-A50D-96B54E6FAAD9}.exe Deleted
    C:\WINDOWS\system32\{BC8D79FB-35C7-40AC-BCBD-34E38AAFC361}.exe Deleted
    C:\WINDOWS\system32\{E0EBE007-709A-4BBD-92B7-66284F789788}.exe Deleted
    C:\WINDOWS\system32\{EA41D830-3A92-4912-A21E-8375A435540C}.exe Deleted
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other

    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "setup"="rundll32.exe \"C:\\WINDOWS\\system32\\hdysgqsa.dll\",realset "

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»

    I ran Hijackthis and only the

    O21 - SSODL: hksrv.dll - {DBA2F5A9-F271-4473-8C7C-ACF2356CEC82} - (no file)

    was there.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A3D23450-C3FD-42FB-A59A-72C406A01A88}: NameServer = 85.255.113.91,85.255.112.9
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2891F86-D0F6-4C24-8EFC-A2B550FA9F7E}: NameServer = 85.255.113.91,85.255.112.9
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED1727D1-07A3-4290-95BD-F89361B75148}: NameServer = 85.255.113.91,85.255.112.9

    were not there.

    Here is the most up-to-date Hijackthis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:33:41 PM, on 5/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\IOGEAR\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://flredirect.e-officedirect.com...JonTerp1000779
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PsapiAnalyzer Object - {6D7D5679-4E81-430C-9C18-75FE169F1D07} - c:\windows\cursors\winlog.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\hdysgqsa.dll",realset
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166069465312
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: nnnlijh - nnnlijh.dll (file missing)
    O20 - Winlogon Notify: SASWinLogon - C:\WINDOWS\
    O20 - Winlogon Notify: sstqr - C:\WINDOWS\system32\sstqr.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
    O20 - Winlogon Notify: winlog - c:\windows\cursors\winlog.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

  4. #4
    VopThis (Senior Member, Canada)
    Click here to download Dr.Web CureIt and save it to your desktop.
    • Double-click the drweb-cureit.exe file and allow it to run the express scan.
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, see if you can click the icon next to the files found:
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

      This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.


    Post the Dr. Web CureIt Results.




    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O2 - BHO: PsapiAnalyzer Object - {6D7D5679-4E81-430C-9C18-75FE169F1D07} - c:\windows\cursors\winlog.dll
    O4 - HKLM\..\Run: [SETUP] rundll32.exe "C:\WINDOWS\system32\hdysgqsa.dll",realset

    O20 - Winlogon Notify: nnnlijh - nnnlijh.dll (file missing)
    O20 - Winlogon Notify: sstqr - C:\WINDOWS\system32\sstqr.dll (file missing)
    O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
    O20 - Winlogon Notify: winlog - c:\windows\cursors\winlog.dll

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    c:\windows\cursors\winlog.dll





    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
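
Added example (not part of the thread, and not code from HijackThis or from either poster): comparing the two HijackThis logs posted above shows which entries appeared and which disappeared between scans, which is the set the second fix list is drawn from. The sample lines are excerpts from those two logs; the function names are this example's own.

```python
import re
from collections import namedtuple

# One HijackThis result line: section code ("O17") and the text after " - ".
Entry = namedtuple("Entry", "section body")

_ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
_O17 = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (\S+)")
_DANGLING = ("(file missing)", "(no file)")

# Excerpt of the first log in the thread (post #1).
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3D23450-C3FD-42FB-A59A-72C406A01A88}: NameServer = 85.255.113.91,85.255.112.9
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hksrv.dll - {DBA2F5A9-F271-4473-8C7C-ACF2356CEC82} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Excerpt of the second log in the thread (post #3, after FixWareout).
AFTER = r"""
O2 - BHO: PsapiAnalyzer Object - {6D7D5679-4E81-430C-9C18-75FE169F1D07} - c:\windows\cursors\winlog.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\hdysgqsa.dll",realset
O20 - Winlogon Notify: nnnlijh - nnnlijh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlog - c:\windows\cursors\winlog.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


def _sort_key(entry):
    # Sort by section letter, then section number, then text.
    return (entry.section[0], int(entry.section[1:]), entry.body)


def parse_log(text):
    """Return the set of section entries (R0, O2, O17, ...) found in a log.

    Header lines and the 'Running processes' paths do not match the
    '<code> - <text>' shape and are skipped.
    """
    entries = set()
    for line in text.splitlines():
        match = _ENTRY.match(line)
        if match:
            entries.add(Entry(match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (added, removed) entries between two scans, each sorted."""
    before, after = parse_log(before_text), parse_log(after_text)
    return (sorted(after - before, key=_sort_key),
            sorted(before - after, key=_sort_key))


def dangling(entries):
    """Entries that HijackThis marked as pointing at a file it could not find.

    This is a prompt for review, not a verdict on the entry.
    """
    return sorted((e for e in entries if e.body.endswith(_DANGLING)),
                  key=_sort_key)


def name_servers(entries):
    """Map interface GUID -> DNS servers listed in O17 NameServer entries."""
    servers = {}
    for entry in entries:
        match = _O17.search(entry.body) if entry.section == "O17" else None
        if match:
            servers[match.group(1)] = match.group(2).split(",")
    return servers


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for label, entries in (("new", added), ("gone", removed)):
        for entry in entries:
            print(f"{label:4} {entry.section:4} {entry.body}")
    print("O17 name servers before:", name_servers(parse_log(BEFORE)))
    print("O17 name servers after: ", name_servers(parse_log(AFTER)))
```

The avast! Mail Scanner service is marked "(file missing)" in both logs even though ashMaiSv.exe is listed under running processes, so it never shows up in the diff, while the newly marked nnnlijh entry does.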

  5. #5
    zombelord (Junior Member)
    Ok, I've done everything you've said. It's gotten rid of a lot of problems, but I still have a bunch of those tracking cookies.

    --------------------------------------------------------
    Here is my SBS&D Report:

    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Clickbank: Tracking cookie (Firefox: default) (Cookie, nothing done)
    DirectTrack: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Win32.Small.ddx: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
    DirectTrack: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
    Common Dialogs: History (27 files) (Registry key, nothing done)
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Log: Activity: SchedLgU.Txt (Backup file, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: imsins.log (Backup file, nothing done)
    C:\WINDOWS\imsins.log

    Log: Activity: ntbtlog.txt (Backup file, nothing done)
    C:\WINDOWS\ntbtlog.txt

    Log: Install: comsetup.log (Backup file, nothing done)
    C:\WINDOWS\comsetup.log

    Log: Install: ocgen.log (Backup file, nothing done)
    C:\WINDOWS\ocgen.log

    Log: Install: setupact.log (Backup file, nothing done)
    C:\WINDOWS\setupact.log

    Log: Install: setupapi.log (Backup file, nothing done)
    C:\WINDOWS\setupapi.log

    Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.lo_

    Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    Cookie: Cookie (19) (Cookie, nothing done)


    Cache: Cache (138) (Cache, nothing done)


    Cookie: Cookie (896) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-12-08 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-04-18 advcheck.dll (1.5.1.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-05-23 Includes\Cookies.sbi
    2006-12-08 Includes\Dialer.sbi
    2007-05-23 Includes\DialerC.sbi
    2007-04-04 Includes\Hijackers.sbi
    2007-05-23 Includes\HijackersC.sbi
    2006-10-27 Includes\Keyloggers.sbi
    2007-05-23 Includes\KeyloggersC.sbi
    2004-11-29 Includes\LSP.sbi
    2007-05-16 Includes\Malware.sbi
    2007-05-23 Includes\MalwareC.sbi
    2007-03-21 Includes\PUPS.sbi
    2007-05-23 Includes\PUPSC.sbi
    2007-05-23 Includes\Revision.sbi
    2007-05-24 Includes\Security.sbi
    2007-05-23 Includes\SecurityC.sbi
    2007-05-23 Includes\Spybots.sbi
    2007-05-23 Includes\SpybotsC.sbi
    2005-02-17 Includes\Tracks.uti
    2007-05-16 Includes\Trojans.sbi
    2007-05-23 Includes\TrojansC.sbi

    ---------------------------------------------------------

    Is there anything I can do to get rid of those?

    Here is my DrWeb-Cureit Report....well, the report is in a format that I can't open, so I hosted the file.

    Go here to download it:
    http://www.4shared.com/file/16718643...e3a/DrWeb.html

    ----------------------------------------------------
    Finally, here is my Hijackthis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:28:00 PM, on 5/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IOGEAR\Bluetooth Software\BTTray.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\IOGEAR\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Zs\My Documents\Programs\Anti-Virus Programs\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://flredirect.e-officedirect.com...JonTerp1000779
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1166069465312
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: SASWinLogon - C:\WINDOWS\
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    ----------------------------------------------------------

    Thank you for your help so far, VopThis. It's almost over.

  6. #6
    VopThis is offline Senior Member (Canada)
    Dr. Web LOG:[as reported]

    winlog.dll;c:\windows\cursors;Trojan.Virtumod;Will be cured after reboot.;
    hdysgqsa.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
    inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.71.1;Probably BACKDOOR.Trojan;Moved.;
    Activate.dll;C:\Program Files\Registry Mechanic;Trojan.Click.2325;Deleted.;
    A0125658.exe;C:\System Volume Information\_restore{A8C67F64-0050-45A8-A9B0-1486687232BA}\RP513;Trojan.DownLoader.22411;Deleted.;
    A0125660.exe;C:\System Volume Information\_restore{A8C67F64-0050-45A8-A9B0-1486687232BA}\RP513;Trojan.MulDrop.6358;Deleted.;
    A0125735.dll;C:\System Volume Information\_restore{A8C67F64-0050-45A8-A9B0-1486687232BA}\RP514;Trojan.Virtumod;Deleted.;
    A0125736.dll;C:\System Volume Information\_restore{A8C67F64-0050-45A8-A9B0-1486687232BA}\RP514;Adware.Crew;Moved.;
    A0127844.dll;C:\System Volume Information\_restore{A8C67F64-0050-45A8-A9B0-1486687232BA}\RP514;Trojan.Click.2325;Deleted.;
    winlog.dll;C:\WINDOWS\Cursors;Trojan.Virtumod;Will be cured after reboot.;
    dfcpr.dll;C:\WINDOWS\system32;Trojan.Spambot;Deleted.;
    hdysgqsa.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
    nwmxcrvp.exe;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    rhgdehai.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
    Ldrdsb.exe;C:\WINDOWS\system32\Ldrdsb;Adware.Effbar;Moved.;

  7. #7
    zombelord is offline Junior Member
    K.

    Is there a way I can get rid of my remaining problems?

  8. #8
    VopThis is offline Senior Member (Canada)
    Your serious issues and popups appear to be neutralized.


    (Cookie, nothing done)
    Cookies are very low risk items. Fix the items found in Spybot. Such items should not normally return unless you go back to the sites that created such cookies.


    Your system has an outdated version of Sun Java that could create serious security exposure issues for your PC.

    Update your Java.

    Older Java versions have vulnerabilities that malware can use, and is using, to infect systems.

    Please follow these steps to remove older version Java components.
    • Close any programs you may have running, ESPECIALLY your web browser
    • Click Start > Control Panel.
    • Click Add/Remove Programs.
    • Check any item with Java Runtime Environment (JRE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove all versions of Java.
    • Reboot your computer once all Java components are removed.

    Download the latest version of Java Runtime Environment (JRE) 5.0 Update 11 or higher, and install it to your computer.


    New Version should show as (HijackThis log):

    C:\Program Files\Java\jre1.5.0_11\… or higher
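
The check described in post #8 (every Java path in the HijackThis log should read jre1.5.0_11 or higher) can be automated. This is an added example, not part of the thread: the function names are hypothetical, and the sample log combines lines copied from the log in post #5 with two constructed lines, as marked in the comments.

```python
import re

# JRE install directory inside a path, e.g. \jre1.5.0_06\ or \jre1.6.0\
JRE_DIR = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)
# HijackThis section prefix such as "O2 - " or "O23 - "
SECTION = re.compile(r"^\s*([A-Z]\d{1,2}) - ")
# Threshold from the advice above: JRE 5.0 Update 11 (jre1.5.0_11) or higher
MINIMUM = (1, 5, 0, 11)

# Constructed sample: the O2, O4 and first O9 lines are copied from the log in
# post #5; the jusched.exe process line and the jre1.5.0_11 line are made up.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
"""

def parse_jre(line):
    """Return (major, minor, patch, update) for a JRE path in the line, else None."""
    m = JRE_DIR.search(line)
    if not m:
        return None
    # A directory without an _NN suffix (e.g. jre1.6.0) counts as update 0.
    return tuple(int(g) if g else 0 for g in m.groups())

def installed_jre_versions(log_text):
    """All distinct JRE versions referenced anywhere in the log, oldest first."""
    return sorted({v for v in map(parse_jre, log_text.splitlines()) if v})

def outdated_jre_entries(log_text, minimum=MINIMUM):
    """List (section, version) for every log line that references a JRE below minimum."""
    findings = []
    for line in log_text.splitlines():
        version = parse_jre(line)
        if version is None or version >= minimum:
            continue
        section = SECTION.match(line)
        # Lines without an Rn/On prefix come from the "Running processes" list.
        findings.append((section.group(1) if section else "process", version))
    return findings

if __name__ == "__main__":
    print("JRE versions seen:", installed_jre_versions(SAMPLE_LOG))
    for section, v in outdated_jre_entries(SAMPLE_LOG):
        print(f"{section}: jre{v[0]}.{v[1]}.{v[2]}_{v[3]:02d} is below the minimum")
```

An empty result from `outdated_jre_entries` on the post-cleanup log means no BHO, toolbar button or running process still points at an old JRE directory.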

  9. #9
    zombelord is offline Junior Member
    I can't download Java right now. Every time that I try to download it, it comes up with a page that says fatal error, so I can't download it. I'm not sure if it's something wrong with the site or if it's something else.

  10. #10
    VopThis is offline Senior Member (Canada)
    I can't download Java right now.
    Were you using 'Internet Explorer'? Try it again later if necessary.
