Free Antivirus Forum - Learn about antivirus, firewalls and personal security
Hijackthis and Spy Sweeper help
   

canwetalk
New Member


Date Joined Apr 2008
Total Posts : 1
 
Posted 4-1-2008 6:38 (GMT +1)
Hello, I hope someone can help with a serious problem. I have SpywareBlaster installed, and I've run several different anti-virus programs (not all at one time): Bitdefender, Avg, and a couple of others. I have also run other programs such as Spybot Search and Destroy, Spyware Doctor, Spy-Sweeper, Superantispyware and others.
My problem is that no matter what I run, Spy-Sweeper continues to find the items below even after nothing is found by the other programs. However, I cannot use Spy Sweeper to try and remove the items because it is the scan-only version. Below are the items Spy Sweeper keeps reporting...

HKU\WRSS_Profile_S-1-5-21-606747145-484763869-1060284298-1004\software\bifrost\ (ID = 2075579)
Found Trojan Horse: trojan-backdoor-bifrose
HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (ID = 107005)
HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (ID = 106999)
Found Adware: coolsavings
C:\WINDOWS\system32\Smab0.dll (ID = 1330755)
Found Trojan Horse: trojan.gen

I found the Smab0.dll and have been able to delete it, however I still have not been able to locate the other items.
So someone suggested I run hijackthis and post the log here to see if someone can offer any other advice and such. Here is my logfile. Thank you for any and all help you can provide.


Logfile of HijackThis v1.99.1
Scan saved at 6:44:59 AM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\Comodo\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
F:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\Explorer.EXE
G:\PROGRA~1\AVG\AVG8\avgam.exe
G:\PROGRA~1\AVG\AVG8\avgrsx.exe
G:\PROGRA~1\AVG\AVG8\avgnsx.exe
G:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
F:\Program Files\Comodo\cfp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Documents and Settings\justlikeadream\My Documents\Utilities\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - F:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [BDAgent] "F:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\cfp.exe" -h
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - G:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - G:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - F:\Program Files\Comodo\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
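
An added example, not part of the original post or of any tool named in this thread: a short Python triage of a HijackThis log that flags entries with no file target and checks each "(file missing)" annotation against the log's own Running processes list. The names `triage` and `FILE_CODES` and the choice of which section codes carry file paths are assumptions made for this illustration; the sample is an excerpt of the log above.

```python
import re

# Excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\system32\svchost.exe
F:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
"""

# Assumption: section codes whose entries are expected to name an .exe or .dll.
FILE_CODES = {"O2", "O3", "O4", "O9", "O18", "O20", "O23"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
FILE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

def triage(log_text):
    """Return (code, text, notes) for each entry that needs a manual look."""
    running, in_procs, findings = set(), False, []
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        elif (m := ENTRY.match(line)):
            code, text = m.groups()
            notes = []
            path = FILE_PATH.search(text)
            if path is None and code in FILE_CODES:
                notes.append("no file target")
            if text.endswith("(file missing)"):
                # The same log may list the "missing" binary as a live process.
                if path and path.group().lower() in running:
                    notes.append("file missing, but listed as running")
                else:
                    notes.append("file missing")
            if notes:
                findings.append((code, text, notes))
    return findings
```

Entries marked "file missing, but listed as running" are ones where the log contradicts itself, so the annotation alone is not evidence that the file is gone.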

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13619
 
Posted 4-1-2008 6:52 (GMT +1)
Hello canwetalk

Click here -->> Before posting a log

After you have run the scan tools -

Reboot normally

Post Hijackthis log along with SuperAntiSpyware log, C: combofix TXT in this topic

Please note, it is a newer version of hijackthis you'll have to download and run

Do NOT post your problem in someone else's thread.
