
Infected With Trojan.vundo.dzk


  • This topic is locked
13 replies to this topic

#1 taylor88


  • Members
  • 19 posts

Posted 02 March 2008 - 11:30 PM

OK, followed the steps to get here etc. Infected with what BitDefender calls Vundo.DZK.

Here is the logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:05 PM, on 3/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\James\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\James\AppData\Local\Temp\mllmm.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\James\AppData\Local\Temp\awvvv.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\James\AppData\Local\Temp\lbhrlcpb.dll",run
O4 - HKCU\..\Run: [544b7e5b] rundll32.exe "C:\Users\James\AppData\Local\Temp\lqpejjbv.dll",b
O4 - HKCU\..\Run: [BM57784dc7] Rundll32.exe "C:\Users\James\AppData\Local\Temp\nwsdpgpx.dll",s
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{129AE8B7-6C3E-4228-A59F-E3C52294DBA1}: NameServer = 202.137.160.45 202.137.160.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{129AE8B7-6C3E-4228-A59F-E3C52294DBA1}: NameServer = 202.137.160.45 202.137.160.46
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 8827 bytes


Your help is very, very much appreciated


#2 taylor88

  • Topic Starter

  • Members
  • 19 posts

Posted 03 March 2008 - 04:52 AM

Update: Not sure if this helps, but I did another BitDefender deep scan (I've done a fair few now).


//-----------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 03/03/2008 17:16:22
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 14619
Files : 419445
Memory processes scanned : 68
Archives : 4774
Runtime packers : 44560
Identified viruses : 4
Infected files : 17
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 3
Moved files : 13
I/O errors : 56
Scan time : 01:03:03
Scan speed (files/sec) : 110

Spyware Statistics

Registry keys scanned : 397
Registry keys infected : 0
Cookies scanned : 16
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 984934
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\deep_scan\1204528582.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYL6XLJ7\cmp638[1] Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYL6XLJ7\cmp638[1] Disinfection failed
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYL6XLJ7\cmp638[1] Moved
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y61WC62O\tr[1] Infected: Trojan.Vundo.DWB
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y61WC62O\tr[1] Disinfection failed
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y61WC62O\tr[1] Moved
C:\Users\James\AppData\Local\Temp\awvvv.dll Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Temp\awvvv.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\awvvv.dll Move failed
C:\Users\James\AppData\Local\Temp\cacyljrd.dll Infected: Trojan.Vundo.DWB
C:\Users\James\AppData\Local\Temp\cacyljrd.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\cacyljrd.dll Moved
C:\Users\James\AppData\Local\Temp\diqmfmfk.dll Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Temp\diqmfmfk.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\diqmfmfk.dll Moved
C:\Users\James\AppData\Local\Temp\fnxybpcj.dll Infected: Trojan.Vundo.DWB
C:\Users\James\AppData\Local\Temp\fnxybpcj.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\fnxybpcj.dll Moved
C:\Users\James\AppData\Local\Temp\fwimranp.dll Infected: Trojan.Vundo.DWB
C:\Users\James\AppData\Local\Temp\fwimranp.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\fwimranp.dll Moved
C:\Users\James\AppData\Local\Temp\idcnbgbi.dll Infected: Trojan.Vundo.EAE
C:\Users\James\AppData\Local\Temp\idcnbgbi.dll Deleted
C:\Users\James\AppData\Local\Temp\kgrwfdxs.dll Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Temp\kgrwfdxs.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\kgrwfdxs.dll Moved
C:\Users\James\AppData\Local\Temp\lqnadkdt.dll Infected: Trojan.Vundo.DWB
C:\Users\James\AppData\Local\Temp\lqnadkdt.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\lqnadkdt.dll Moved
C:\Users\James\AppData\Local\Temp\lxlpvkmc.dll Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Temp\lxlpvkmc.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\lxlpvkmc.dll Moved
C:\Users\James\AppData\Local\Temp\mnrnbgdj.dll Infected: Trojan.Vundo.EAE
C:\Users\James\AppData\Local\Temp\mnrnbgdj.dll Deleted
C:\Users\James\AppData\Local\Temp\nwsdpgpx.dll Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Temp\nwsdpgpx.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\nwsdpgpx.dll Moved
C:\Users\James\AppData\Local\Temp\nyyacova.dll Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Temp\nyyacova.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\nyyacova.dll Moved
C:\Users\James\AppData\Local\Temp\otxpepdc.dll Infected: Trojan.Vundo.DZQ
C:\Users\James\AppData\Local\Temp\otxpepdc.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\otxpepdc.dll Moved
C:\Users\James\AppData\Local\Temp\vgdmcsym.dll Infected: Trojan.Vundo.DWB
C:\Users\James\AppData\Local\Temp\vgdmcsym.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\vgdmcsym.dll Moved
C:\Users\James\AppData\Local\Temp\vsmoelwa.dll Infected: Trojan.Vundo.EAE
C:\Users\James\AppData\Local\Temp\vsmoelwa.dll Deleted


Please help, as I cannot use Windows Explorer before it crashes.

Edit: I have tried to use the program FixVundo, but I don't have administrator rights (even though this is my computer and I thought I was an administrator...), and it doesn't allow me to go to Control Panel etc. to fix any of this.

Also tried VundoFix and it found nothing.

Edited by taylor88, 03 March 2008 - 09:07 AM.
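The two logs above line up in a way that is worth checking mechanically: the HijackThis O4 entries in post #1 show rundll32 being told to load randomly named DLLs out of the user's Temp folder, and the BitDefender summary in post #2 names two of those same files (awvvv.dll, nwsdpgpx.dll) as Trojan.Vundo, with one of them failing to move. The following Python triage helper is an added example written for this page, not code from the thread, from HijackThis or from BitDefender. It parses both log formats, flags Run-key values that invoke rundll32 on a DLL under a Temp directory, and reports whether the scanner removed that file, could not remove it, or never reported it. The sample lines are copied from the posts above; the Temp-directory heuristic and the output wording are this example's own assumptions.

```python
"""Added triage helper: correlate HijackThis O4 (Run key) entries with a
BitDefender scan summary.  Example code for this page, not a tool from the
thread; the sample lines below are copied from the two logs posted above."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the O4 lines from the HijackThis log in post #1.
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\James\AppData\Local\Temp\mllmm.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\James\AppData\Local\Temp\awvvv.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\James\AppData\Local\Temp\lbhrlcpb.dll",run
O4 - HKCU\..\Run: [BM57784dc7] Rundll32.exe "C:\Users\James\AppData\Local\Temp\nwsdpgpx.dll",s
"""

# Constructed sample: a subset of the BitDefender summary from post #2.
BITDEFENDER_SAMPLE = r"""
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYL6XLJ7\cmp638[1] Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYL6XLJ7\cmp638[1] Disinfection failed
C:\Users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYL6XLJ7\cmp638[1] Moved
C:\Users\James\AppData\Local\Temp\awvvv.dll Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Temp\awvvv.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\awvvv.dll Move failed
C:\Users\James\AppData\Local\Temp\nwsdpgpx.dll Infected: Trojan.Vundo.DZK
C:\Users\James\AppData\Local\Temp\nwsdpgpx.dll Disinfection failed
C:\Users\James\AppData\Local\Temp\nwsdpgpx.dll Moved
"""

O4_RE = re.compile(r'^O4 - (HK[LC][MU])\\\.\.\\Run: \[([^\]]*)\] (.*)$')
# rundll32 in any casing, with or without ".exe", a leading path or quotes, then its argument.
RUNDLL_RE = re.compile(r'^"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(.*)$', re.I)
BD_RE = re.compile(r'^(.*?) (Infected: (.+)|Disinfection failed|Move failed|Moved|Deleted)$')
TEMP_DIR_RE = re.compile(r'\\Temp\\', re.I)  # assumption: any ...\Temp\... directory is suspect


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    dll: Optional[str]  # DLL path when the value launches rundll32, else None


def _rundll32_target(command: str) -> Optional[str]:
    """Return the DLL a rundll32 command loads (quoted or up to the first comma)."""
    m = RUNDLL_RE.match(command.strip())
    if not m:
        return None
    arg = m.group(1)
    if arg.startswith('"'):
        return arg[1:].split('"', 1)[0]
    return arg.split(',', 1)[0]


def parse_hijackthis_o4(text: str) -> list:
    entries = []
    for line in text.strip().splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, name, command = m.groups()
            entries.append(RunEntry(hive, name, command, _rundll32_target(command)))
    return entries


def parse_bitdefender_summary(text: str) -> dict:
    """Map each reported path (lower-cased) to its detection name and final outcome."""
    results = {}
    for line in text.strip().splitlines():
        m = BD_RE.match(line.strip())
        if not m:
            continue
        path, action, detection = m.group(1).lower(), m.group(2), m.group(3)
        rec = results.setdefault(path, {"detection": None, "outcome": "reported"})
        if detection:
            rec["detection"] = detection
        else:
            rec["outcome"] = action  # the last action line (Moved / Move failed / Deleted) wins
    return results


def triage(hjt_text: str, bd_text: str) -> list:
    """Flag Run values that load a DLL from a Temp directory via rundll32 and
    say whether the scanner dealt with that file."""
    scanner = parse_bitdefender_summary(bd_text)
    findings = []
    for e in parse_hijackthis_o4(hjt_text):
        if not e.dll or not TEMP_DIR_RE.search(e.dll):
            continue
        rec = scanner.get(e.dll.lower())
        if rec is None:
            status = "not in scanner report"
        elif rec["outcome"] in ("Moved", "Deleted"):
            status = f"file removed ({rec['outcome']}), Run value left behind"
        else:
            status = f"file still present ({rec['outcome']})"
        findings.append({"hive": e.hive, "name": e.name, "dll": e.dll,
                         "detection": rec["detection"] if rec else None, "status": status})
    return findings


if __name__ == "__main__":
    for f in triage(HIJACKTHIS_SAMPLE, BITDEFENDER_SAMPLE):
        print(f"{f['hive']} Run\\{f['name']}: {f['dll']} -> {f['status']}")
```

Run against the sample, the helper flags the four HKCU Run values, leaves the legitimate rundll32 entry in system32 alone, and separates three cases a responder treats differently: a file the scanner could not move (awvvv.dll), a file that was quarantined but whose Run value still points at it (nwsdpgpx.dll), and DLLs the scanner never reported at all.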


#3 jedi


  • Members
  • 274 posts
  • Gender:Male
  • Location:UK

Posted 15 March 2008 - 09:14 AM

Hi,

1. Download this file: ComboFix
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

jedi

#4 taylor88

  • Topic Starter

  • Members
  • 19 posts

Posted 17 March 2008 - 07:18 PM

ComboFix 08-03-17.1 - James 2008-03-18 10:14:14.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1106 [GMT 10:00]
Running from: C:\Users\James\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\Windows\system32\sockspy.dll


((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-18 00:15 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-03-17 23:59 100,102 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_03_17_16_51_14_small.dmp.zip
2008-03-17 23:58 --------- d-----w C:\Program Files\Steam
2008-03-17 23:54 421,728 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-03-17 23:54 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-03-17 07:09 27,839 ----a-w C:\Users\James\AppData\Roaming\nvModes.dat
2008-03-13 00:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-12 04:24 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-08 15:09 2,071,552 ----a-w C:\Windows\Internet Logs\xDBF4FE.tmp
2008-03-08 15:09 1,359,872 ----a-w C:\Windows\Internet Logs\xDBF974.tmp
2008-03-08 03:54 1,359,872 ----a-w C:\Windows\Internet Logs\xDB8FDC.tmp
2008-03-08 03:39 --------- d-----w C:\Program Files\iTunes
2008-03-08 03:39 --------- d-----w C:\Program Files\iPod
2008-03-08 03:37 --------- d-----w C:\Program Files\QuickTime
2008-03-05 23:50 --------- d-----w C:\Users\James\AppData\Roaming\vlc
2008-03-05 23:48 --------- d-----w C:\Program Files\VideoLAN
2008-03-04 07:10 0 ----a-w C:\ntuser.dat
2008-03-04 06:52 --------- d-----w C:\ProgramData\CheckPoint
2008-03-04 06:52 --------- d-----w C:\Program Files\Zone Labs
2008-03-03 11:30 --------- d-----w C:\Users\James\AppData\Roaming\HLSW
2008-03-03 03:57 --------- d-----w C:\ProgramData\Lavasoft
2008-03-03 03:56 --------- d-----w C:\Program Files\Lavasoft
2008-03-03 03:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 05:17 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-28 04:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 05:24 --------- d-----w C:\Users\James\AppData\Roaming\Bitdefender
2008-02-26 03:55 --------- d-----w C:\ProgramData\BitDefender
2008-02-26 03:54 --------- d-----w C:\Program Files\Common Files\Softwin
2008-02-26 03:53 --------- d-----w C:\Program Files\Softwin
2008-02-26 03:51 --------- d-----w C:\ProgramData\Symantec
2008-02-26 03:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-26 02:30 --------- d-----w C:\Program Files\Symantec
2008-02-25 14:43 --------- d-----w C:\ProgramData\PopCap Games
2008-02-25 14:43 --------- d-----w C:\Program Files\PopCap Games
2008-02-24 09:30 --------- d-----w C:\Program Files\Microsoft Works
2008-02-24 09:28 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-21 10:02 --------- d-----w C:\Users\James\AppData\Roaming\SystemRequirementsLab
2008-02-21 09:58 --------- d-----w C:\ProgramData\NVIDIA
2008-02-21 09:47 --------- d-----w C:\Program Files\Java
2008-02-21 09:44 --------- d-----w C:\Program Files\Common Files\Java
2008-02-21 09:09 --------- d-----w C:\Program Files\Oblivion
2008-02-18 05:53 --------- d-----w C:\Users\James\AppData\Roaming\My Battle for Middle-earth™ II Files
2008-02-17 17:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-14 04:37 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 04:37 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 04:33 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 04:33 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 04:33 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 04:33 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 04:33 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 04:33 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 04:33 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 04:32 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 04:32 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 04:32 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 04:32 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 04:32 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 04:32 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 04:32 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 04:32 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 04:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 04:32 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 04:32 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 04:29 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 04:29 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 04:29 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 04:29 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 14:23 --------- d-s---w C:\Program Files\HLSW
2008-01-28 04:42 --------- d-----w C:\Program Files\Windows Calendar
2008-01-24 17:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-23 13:25 --------- d-----w C:\Users\James\AppData\Roaming\ScanSoft
2008-01-23 13:25 --------- d-----w C:\ProgramData\ScanSoft
2008-01-23 13:25 --------- d-----w C:\ProgramData\InstallShield
2008-01-23 13:25 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-01-23 13:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-23 13:24 --------- d-----w C:\Program Files\ScanSoft
2008-01-23 09:36 --------- d-----w C:\Program Files\Canon
2008-01-23 09:35 --------- d--h--w C:\ProgramData\CanonBJ
2008-01-23 09:33 --------- d--h--w C:\Program Files\CanonBJ
2008-01-11 01:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 17:31 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2007-12-22 09:31 174 --sha-w C:\Program Files\desktop.ini
2007-12-22 09:25 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-22 09:25 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-22 09:25 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-22 09:25 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-22 09:25 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-22 09:25 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-22 09:25 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-22 09:25 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-22 09:24 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-22 09:24 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-22 09:24 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-12-22 09:24 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-22 09:24 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-12-22 09:24 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-12-22 09:24 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-22 09:22 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-22 09:21 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-22 09:21 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-15 06:20 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 11:25 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 22:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2007-12-22 17:52 1266936]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 12:30 2295072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-22 19:23 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 17:50 4374528 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 13:58 815104]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 07:48 479232]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 02:50 1603152]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 13:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 13:06 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 13:06 81920]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 15:48 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 14:49 69632]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 03:31 959976]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{2D43FB78-01ED-4FB7-8E3E-375F6164E484}E:\\games\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:E:\games\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{643EF2BE-7961-4BF4-BDE5-5DA2A5B4DC52}E:\\games\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:E:\games\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"{D6E5E56B-BB19-49A4-A5ED-8CE838F293FD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{458DB838-C98B-4CEC-BADA-A49D8817DA2A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C07C3A92-DE6A-4507-BB0E-99E44AD4A1F1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{729C0D65-B637-452D-9728-657690F104AC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5950014B-2ABA-410B-9FFE-3EFAF57B43FE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{73ACDE8C-FEB7-4EAC-824D-B1B03C1DF387}C:\\program files\\steam\\steamapps\\jt1088@hotmail.com\\half-life\\hl.exe"= UDP:C:\program files\steam\steamapps\jt1088@hotmail.com\half-life\hl.exe:Half-Life Launcher
"UDP Query User{544E0485-0641-4161-929C-CAAE4A00A031}C:\\program files\\steam\\steamapps\\jt1088@hotmail.com\\half-life\\hl.exe"= TCP:C:\program files\steam\steamapps\jt1088@hotmail.com\half-life\hl.exe:Half-Life Launcher
"TCP Query User{ADC9F303-1959-4271-B4BF-058C3B95C4A2}C:\\program files\\steam\\steamapps\\jt1088@hotmail.com\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\jt1088@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{97EC147F-ED6F-43B7-BEBA-6D5C7325005A}C:\\program files\\steam\\steamapps\\jt1088@hotmail.com\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\jt1088@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{7410650E-8FF4-45B2-8437-3AA7993B1B4C}C:\\program files\\steam\\steamapps\\jt1088@hotmail.com\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\jt1088@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{AFA1061C-AB73-4CA0-9035-09AC56C0C176}C:\\program files\\steam\\steamapps\\jt1088@hotmail.com\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\jt1088@hotmail.com\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{33E587D2-16C1-406E-84FE-4F1602D3A8C8}C:\\program files\\hlsw\\hlsw.exe"= UDP:C:\program files\hlsw\hlsw.exe:HLSW Application
"UDP Query User{7CEB2F4B-8581-41DB-8EC6-35DFEE37FB80}C:\\program files\\hlsw\\hlsw.exe"= TCP:C:\program files\hlsw\hlsw.exe:HLSW Application
"TCP Query User{DFFE4D9D-9F03-4F03-A1FF-0147BB92CF94}C:\\program files\\steam\\steamapps\\jt1088@hotmail.com\\half-life\\hl.exe"= UDP:C:\program files\steam\steamapps\jt1088@hotmail.com\half-life\hl.exe:Half-Life Launcher
"UDP Query User{58F0FF27-57EA-4120-A889-CC0C9BFF8FD4}C:\\program files\\steam\\steamapps\\jt1088@hotmail.com\\half-life\\hl.exe"= TCP:C:\program files\steam\steamapps\jt1088@hotmail.com\half-life\hl.exe:Half-Life Launcher
"{A1A4FF06-6F05-47F5-BCC2-C35264E7C589}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{88D9A0CB-4A64-41DF-B86F-BE2ACC40776D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-08 14:29]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-08 14:24]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-08 14:27]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-11 14:48]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 17:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46666feb-df71-11dc-a7a8-001641dedccc}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1e7e43-b685-11dc-9d69-001641dedccc}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Installation.Instructions--READ!.txt


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 11:22:42 C:\Windows\Tasks\User_Feed_Synchronization-{1D6315C9-4415-45CC-B66A-6A537C081B4A}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 10:15:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 10:16:22
.
2008-03-16 07:11:21 --- E O F ---
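
Two things in the ComboFix fragment above are what a reviewer would normally pick out by hand: the Windows Firewall Standard profile is switched off ("EnableFirewall"= 0) and three MountPoints2 keys carry per-volume AutoRun commands (the U3 launcher on G: and a RunDLL32/ShellExec_RunDLL call that opens a text file on E:). MountPoints2 is Explorer's cache of what each inserted volume's autorun.inf asked it to run, so these keys record what removable media has been telling the machine to execute. The Python script below is an added example, not part of this thread and not ComboFix's own code, that pulls those items out of a dump in this format. The sample text is copied from the log above; the split of AutoRun commands into "runs a program" versus "opens a document through ShellExec_RunDLL" is my own heuristic.

```python
import re

# Constructed sample: four keys copied from the ComboFix-style dump above
# (the drive letter, GUIDs and command strings are the log's own).
SAMPLE_DUMP = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46666feb-df71-11dc-a7a8-001641dedccc}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1e7e43-b685-11dc-9d69-001641dedccc}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Installation.Instructions--READ!.txt
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\S+)')


def parse_dump(text):
    """Map each [key] header to its AutoRun commands and "name"= values."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            result.setdefault(current, {"autorun": [], "values": {}})
            continue
        if current is None:
            continue  # text before the first key header
        m = AUTORUN_RE.match(line)
        if m:
            result[current]["autorun"].append(m.group("cmd"))
            continue
        m = VALUE_RE.match(line)
        if m:
            result[current]["values"][m.group("name")] = m.group("val")
    return result


def findings(parsed):
    """Return (rule, where, command) triples worth a reviewer's attention:
    disabled firewall profiles and every per-volume AutoRun handler."""
    out = []
    for key, data in parsed.items():
        lk = key.lower()
        if "firewallpolicy" in lk and data["values"].get("EnableFirewall") == "0":
            out.append(("firewall_disabled", key, ""))
        if "mountpoints2" in lk:
            volume = key.rsplit("\\", 1)[-1]  # drive letter or volume GUID
            for cmd in data["autorun"]:
                # Heuristic (mine): ShellExec_RunDLL means the autorun opens a
                # file through its shell handler rather than naming a program.
                kind = "autorun_shellexec" if "shellexec_rundll" in cmd.lower() else "autorun_exe"
                out.append((kind, volume, cmd))
    return out


if __name__ == "__main__":
    for rule, where, cmd in findings(parse_dump(SAMPLE_DUMP)):
        print(f"{rule:20} {where:45} {cmd}")
```

Both flags are prompts, not verdicts. A third-party firewall such as ZoneAlarm (which shows up in the later logs in this thread) normally turns the Windows Firewall profile off itself, so "firewall_disabled" means "confirm which firewall is actually running", and a U3 launcher or a CD's "read me" autorun is ordinary; what matters is that every command string recorded there has been read and recognised.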

#5 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:42 AM

Posted 18 March 2008 - 05:27 AM

Hi again,

OK, it looks like BitDefender removed the infection, but let's run another scan:

Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols.shtml

Scroll to the bottom of the page, and click Start Scan.

When prompted, choose to install the software. After the software has installed, click Accept. Click Custom Scan and check the option for Scan inside archives, then click Start. The necessary databases will then be downloaded, and the scan will then start automatically.

Please be patient as this scan will take a while to complete. If any infections are found then once the scan has finished, the "cleaning" screen will be displayed.

Choose Automatic cleaning (recommended). After cleaning has finished, the Finish screen will be displayed.

Choose Show Report. In order to post the report, press CTRL+A on your keyboard to highlight all the text.

Then copy and paste that information into this thread.

Please also post a new HiJackThis log.

jedi

#6 taylor88

taylor88
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 20 March 2008 - 02:33 AM

I followed the steps but when I click to accept the terms of the scanner it gives me an error saying to close and retry (which I have done a few times, including after a restart). So I couldn't complete the scan.

#7 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:42 AM

Posted 20 March 2008 - 05:17 AM

OK, see if this one will run, it should do!

Please do the following:
Run a BitDefender Online scan Here and post the results.

jedi

Edited by jedi, 20 March 2008 - 05:18 AM.


#8 taylor88

taylor88
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 20 March 2008 - 09:33 AM

BitDefender Online Scanner - Real Time Virus Report

Generated at: Fri, Mar 21, 2008 - 00:32:08

Scan Info
Scanned Files: 563559
Infected Files: 0

Virus Detected
No virus found.

This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.




Looks good, thanks for your helpful and speedy replies jedi, I'll do one last scan tonight before I sleep and post the logs :thumbsup:

#9 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:42 AM

Posted 21 March 2008 - 03:59 AM

Hi again,

Yes, it looks like you're clean, post one last HijackThis log for a last check.

jedi

#10 taylor88

taylor88
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 21 March 2008 - 09:42 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:51 PM, on 22/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\James\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{129AE8B7-6C3E-4228-A59F-E3C52294DBA1}: NameServer = 202.137.160.45 202.137.160.46
O17 - HKLM\System\CS1\Services\Tcpip\..\{129AE8B7-6C3E-4228-A59F-E3C52294DBA1}: NameServer = 202.137.160.45 202.137.160.46
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9445 bytes
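
Reading a HijackThis log like the one above is mostly a matter of knowing which entry types deserve attention: start and search pages (R0/R1) pointing somewhere other than Microsoft's defaults (here, daemon-search.com), BHO DLLs (O2), Run entries that load a DLL through rundll32 (O4), ActiveX downloads (O16), the DNS servers listed in O17, and any O23 service whose binary is reported missing. The Python below is an added example, not from this thread and not HijackThis's own code, that parses lines in that format and emits those items for review. The sample lines are copied from the log above; the rule names and the allowlist of default Internet Explorer hosts are my own.

```python
import re

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{129AE8B7-6C3E-4228-A59F-E3C52294DBA1}: NameServer = 202.137.160.45 202.137.160.46
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(\S+?\.dll)", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")

# Hosts that Internet Explorer's own default pages point at (my allowlist);
# any other start/search page host is listed for review.
DEFAULT_IE_HOSTS = {"go.microsoft.com"}


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs; header and
    'Running processes' lines do not match the entry pattern and are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(entries):
    """Return (rule, detail) pairs for the entries a reviewer should look at."""
    flags = []
    for sec, body in entries:
        if sec in ("R0", "R1"):
            m = URL_HOST_RE.search(body)
            if m and m.group(1).lower() not in DEFAULT_IE_HOSTS:
                flags.append(("ie_page_changed", m.group(1)))
        elif sec == "O2":
            # Every BHO DLL is listed so its path and publisher can be checked.
            flags.append(("bho_dll", body.rsplit(" - ", 1)[-1]))
        elif sec == "O4":
            m = RUNDLL_RE.search(body)
            if m:
                flags.append(("rundll32_dll", m.group(1)))
        elif sec == "O16":
            m = URL_HOST_RE.search(body)
            if m:
                flags.append(("activex_download_host", m.group(1)))
        elif sec == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                flags.append(("dns_servers", m.group(1).strip()))
        elif sec == "O23" and body.endswith("(file missing)"):
            path = re.sub(r"\s*\(file missing\)$", "", body.rsplit(" - ", 1)[-1])
            flags.append(("service_file_missing", path))
    return flags


if __name__ == "__main__":
    for rule, detail in triage(parse_hjt(SAMPLE_HJT)):
        print(f"{rule:22} {detail}")
```

The output is a worklist, not a verdict, which is exactly how the thread treats the log: a changed start page is not malware by itself (bundled toolbars set them), the O17 servers are checked against what the ISP actually hands out, and an O23 entry marked "(file missing)" is typically a leftover from an uninstall rather than an infection. The rule is to know what each flagged item is before calling the log clean.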

#11 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:42 AM

Posted 22 March 2008 - 03:34 AM

Hi again,

Yes, that looks like a clean log. :thumbsup:

jedi

#12 taylor88

taylor88
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:42 PM

Posted 25 March 2008 - 09:04 PM

Thanks for all your help, my computer is normal again! Out of interest, is ComboFix only for fixing problems (as the name suggests) or for scanning purposes?

Taylor88

#13 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:42 AM

Posted 26 March 2008 - 03:49 AM

Hi again,

You're welcome. :thumbsup:

Combofix does, as the name suggests, fix a lot of problems, but the report it produces is also extremely useful for analysis purposes. It is, however, not really an entry-level tool and I don't recommend anybody using it unsupervised.

jedi

#14 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:12:42 AM

Posted 31 March 2008 - 09:20 AM

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.



