
My Antivirus Couldn't Remove This Virus


  • This topic is locked
2 replies to this topic

#1 ahmedh


Posted 21 July 2008 - 07:13 PM

Hello,



I've done a deep scan with BitDefender Antivirus 2008 on my laptop (Windows XP Pro) after noticing very slow and freezing problems in my Internet Explorer and other programmes, or even when opening folders. The whole system is far too slow. I think I have a virus called "Generic Virtob" that BitDefender fails to disinfect.

Overall scan summary
Scanned items : 479785
Infected items : 649
Suspicious items : 0
Resolved items : 5
Individual viruses found : 432
Scanned directories : 9105
Scanned boot sectors : 10
Scanned archives : 13686
Input-output errors : 32
Scan time : 00:01:38:02
Files per second : 81

This is just a summary of the report of the deep scan by BitDefender; I have the full report that shows everything in detail.

Deckard's System Scanner v20071014.68
Run by SONY-VAIO on 2008-07-22 02:15:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-22 01:15:13 UTC - RP123 - Deckard's System Scanner Restore Point
3: 2008-07-22 01:09:52 UTC - RP122 - Installed Java™ 6 Update 7
2: 2008-07-21 11:03:07 UTC - RP121 - Installed NVIDIA PureVideo Decoder
1: 2008-07-21 09:35:41 UTC - RP120 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as SONY-VAIO.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:19:10, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\drivers\WDelMgr20.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SONY-VAIO\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SONY-VAIO.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vcl.vaio.sony.co.jp/eu/PforVAIO.htm
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware353\bin\Starware353.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Starware Recipe UK Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware353\bin\Starware353.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3998447600-3960282230-1276066023-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/...owserPlugin.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WDelMgr20 - Unknown owner - C:\WINDOWS\system32\drivers\WDelMgr20.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 14014 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NtFsLdf20 - c:\windows\system32\drivers\ntfsldf20.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 PrivateDisk - c:\windows\system32\drivers\privatediskm.sys <Not Verified; Utimaco Safeware AG; SafeGuard PrivateDisk>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 VzFw (VAIO Entertainment File Import Service) - c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzfw.exe
R2 WDelMgr20 - c:\windows\system32\drivers\wdelmgr20.exe
R3 Vcsw (VAIO Entertainment UPnP Client Adapter) - c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe -runbyscm


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 02:19:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 02:18:46 0 d-------- C:\Program Files\Trend Micro
2008-07-21 12:03:37 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-07-21 12:03:12 60416 --a------ C:\WINDOWS\system32\DSETUP.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-07-21 12:03:11 4608 --a------ C:\WINDOWS\system32\drivers\nvport.sys <Not Verified; NVIDIA Corporation.; Port Driver>
2008-07-21 12:03:11 671744 --a------ C:\WINDOWS\system32\DolbyHph.dll <Not Verified; Lake Technology Limited, http://www.lake.com.au; Dolby Headphone>
2008-07-21 12:03:11 0 d-------- C:\Program Files\NVIDIA Corporation
2008-07-21 08:25:45 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-21 00:36:28 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\DAEMON Tools Pro
2008-07-21 00:36:05 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-07-21 00:35:01 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-07-21 00:26:45 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-20 08:36:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-20 08:35:16 0 d-------- C:\Program Files\Apple Software Update
2008-07-20 08:35:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-20 08:32:40 0 d-------- C:\Program Files\QuickTime
2008-07-20 05:41:56 0 d-------- C:\Program Files\ACD Systems
2008-07-20 05:36:38 57344 --a------ C:\WINDOWS\system32\drivers\WDelMgr20.exe
2008-07-20 05:36:35 31342 --a------ C:\WINDOWS\system32\drivers\NtFsLdf20.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-07-20 05:33:33 0 d--hs---- C:\Drive Information
2008-07-20 05:32:45 0 d-------- C:\Program Files\FinalData
2008-07-20 03:56:57 0 d-------- C:\Program Files\East Imperial Soft
2008-07-20 03:44:48 0 d-------- C:\Program Files\OfficeRecovery
2008-07-19 10:43:44 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-07-19 10:39:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\skypePM
2008-07-19 10:36:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Starware353
2008-07-19 10:36:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-07-19 10:36:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-19 10:30:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\BitDefender
2008-07-19 08:13:48 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\Help
2008-07-13 23:44:26 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\ACD Systems
2008-07-13 23:42:39 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-13 23:42:36 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-07-13 23:42:06 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-07-13 23:40:52 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-10 21:59:53 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\EndNote
2008-07-10 21:44:17 0 d-------- C:\Program Files\Common Files\Risxtd
2008-07-10 21:44:13 0 d-------- C:\Program Files\Common Files\Thomson ResearchSoft
2008-07-10 21:42:20 0 d-------- C:\Program Files\EndNote X1
2008-07-10 21:41:35 0 d-------- C:\WINDOWS\87F7773CEC9C461AAA7B4AF8EF54DF49.TMP
2008-07-08 22:02:54 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\uTorrent
2008-07-05 18:58:31 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\PlayFirst
2008-07-05 18:58:31 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-05 18:57:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-07-05 18:53:39 203776 --a------ C:\WINDOWS\system32\clrviddc.dll <Not Verified; Iterated Systems, Inc.; ClearVideo Decoder DLL>
2008-07-05 18:49:41 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-05 18:42:42 0 d-------- C:\Program Files\Common Files\Real
2008-07-05 18:42:40 0 d-------- C:\Program Files\Real
2008-07-05 18:42:12 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\Real
2008-07-05 17:58:31 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-05 17:53:37 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-05 17:53:34 0 d-------- C:\Program Files\NOS
2008-07-05 17:42:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-05 14:28:48 0 d-------- C:\Program Files\SystemRequirementsLab
2008-07-05 13:40:24 0 d-------- C:\Program Files\Messenger Plus! Live
2008-07-05 12:13:45 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-05 11:32:10 0 d--hs---- C:\WINDOWS\CSC
2008-07-04 17:41:27 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-04 17:41:24 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-04 17:41:24 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-04 17:41:23 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-04 17:41:23 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-04 17:41:23 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-04 17:41:23 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-07-04 17:41:22 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-04 17:41:20 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-04 16:19:17 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\IDM
2008-07-04 16:19:16 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\DMCache
2008-07-04 16:19:08 0 d-------- C:\Program Files\Internet Download Manager
2008-07-03 23:10:53 0 d-------- C:\Documents and Settings\LocalService\Application Data\HP
2008-07-03 23:02:01 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-03 22:58:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-07-03 22:58:37 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-03 22:57:13 0 d-------- C:\Program Files\Common Files\HP
2008-07-03 22:52:51 0 d-------- C:\Program Files\Hewlett-Packard
2008-07-03 22:50:23 0 d-------- C:\WINDOWS\system32\URTTemp
2008-07-03 22:47:54 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-03 22:42:13 5389 -----n--- C:\WINDOWS\hpomdl06.dat
2008-07-03 22:42:13 88437 --a------ C:\WINDOWS\hpoins06.dat
2008-07-03 22:08:39 0 d-------- C:\Program Files\HP
2008-07-03 21:58:29 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\HP
2008-07-03 02:31:25 0 d-------- C:\Program Files\DivX
2008-07-03 01:35:07 0 d-------- C:\Program Files\Mayoko
2008-07-02 21:42:47 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-02 16:57:45 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\Starware353
2008-07-02 16:57:43 0 d-------- C:\Program Files\Starware353
2008-07-02 16:57:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Starware353
2008-06-28 23:48:24 0 d-------- C:\Program Files\MSBuild
2008-06-28 23:36:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-27 23:45:37 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-27 23:45:36 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\skypePM
2008-06-27 23:44:43 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\Skype
2008-06-27 14:14:11 0 d-------- C:\Program Files\Skype
2008-06-27 14:14:11 0 d-------- C:\Program Files\Common Files\Skype
2008-06-27 14:14:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-24 11:08:21 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-06-24 11:08:21 0 dr------- C:\Documents and Settings\LocalService\My Documents


-- Find3M Report ---------------------------------------------------------------

2008-07-22 02:11:34 0 d-------- C:\Program Files\Java
2008-07-22 02:05:26 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\Sun
2008-07-21 12:03:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-16 17:06:13 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\Sony Corporation
2008-07-13 23:42:36 0 d-------- C:\Program Files\Common Files
2008-07-05 18:21:05 0 d-------- C:\Program Files\The KMPlayer1431
2008-07-05 17:57:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-05 13:07:50 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-05 13:03:00 0 d-------- C:\Program Files\Windows Live
2008-07-05 11:32:36 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\AdobeUM
2008-07-04 15:53:58 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\Adobe
2008-07-03 23:56:37 0 d-------- C:\Program Files\FlashGet
2008-06-28 23:48:38 0 d-------- C:\Program Files\Microsoft Works
2008-06-19 23:24:47 0 d-------- C:\Program Files\uTorrent
2008-06-16 08:11:00 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-15 22:37:43 0 d-------- C:\Program Files\Symantec
2008-06-15 22:37:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-15 21:34:46 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\Bitdefender
2008-06-15 21:34:31 0 d-------- C:\Program Files\Common Files\BitDefender
2008-06-15 21:34:18 0 d-------- C:\Program Files\BitDefender
2008-06-15 21:23:21 0 d-------- C:\Program Files\Your Uninstaller 2008
2008-06-15 21:03:52 0 d-------- C:\Documents and Settings\SONY-VAIO\Application Data\URSoft
2008-06-15 20:01:59 0 d-------- C:\Program Files\Sony
2008-05-09 23:52:16 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
11/06/2008 22:33 75128 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}]
C:\Program Files\Starware353\bin\Starware353.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/02/2005 06:31]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [07/11/2003 09:21]
"Alcmtr"="ALCMTR.EXE" [13/10/2004 08:00 C:\WINDOWS\ALCMTR.EXE]
"Mouse Suite 98 Daemon"="ICO.EXE" [14/03/2002 17:46 C:\WINDOWS\system32\ico.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 13:00 C:\WINDOWS\system32\bthprops.cpl]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [14/01/2005 17:18]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [20/02/2004 15:12]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [20/01/2005 21:24]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [25/01/2007 20:41]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/07/2008 16:25]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [19/09/2006 09:07]
"msnsyslog"="C:\WINDOWS\msnlogm.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [12/06/2008 02:38]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [20/07/2008 08:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [30/05/2008 13:50]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" []

C:\Documents and Settings\SONY-VAIO\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [08/04/2008 12:03:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 18/01/2005 13:48 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57e14569-0558-11dd-9748-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4941198-10ae-11dd-9762-0013ce0fcc0c}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe

*Newly Created Service* - 40C276BE
*Newly Created Service* - D6A6C417



-- End of Deckard's System Scanner: finished at 2008-07-22 02:20:23 ------------






Could you please help me to clean my system? :thumbsup:



Regards,

Ahmad

Moved back to HJT forum after Ahmad edited adding in DSS logs. ~ OB

Edited by Orange Blossom, 21 July 2008 - 08:37 PM.
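Added here as an example, not part of the thread or of HijackThis or DSS: a small Python triage script that applies, mechanically, the checks a log helper does by eye on the lines above (orphaned BHO registrations, Run entries DSS could not stat, MountPoints2 autorun commands, randomly named new services). The sample lines are copied from the logs in this post; the severity rules are my own heuristics and mark entries for review rather than giving verdicts.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: these lines are copied verbatim from the HijackThis and DSS
# output in the post above, so the triage rules can be exercised offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware353\bin\Starware353.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
"msnsyslog"="C:\WINDOWS\msnlogm.exe" []
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [02/07/2008 16:25]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" []
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command- Recycled\ctfmon.exe
*Newly Created Service* - 40C276BE
*Newly Created Service* - D6A6C417
"""

# HijackThis O2/O3 entries whose DLL no longer exists: harmless on their own, but
# leftover registrations (Starware here) that should be cleaned up.
ORPHAN_RE = re.compile(r"^O[23] - .*\((?:file missing|no file)\)$")
# DSS registry dump of a Run value: "name"="path" [file timestamp]. Empty brackets
# mean DSS could not read the file (missing, or hidden from the scanner).
RUN_DUMP_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<meta>[^\]]*)\]$')
# MountPoints2 records the autorun.inf commands Explorer ran for each drive.
MOUNT_CMD_RE = re.compile(r"^(?:AutoRun|Open\(&\d\))\\command-\s*(?P<cmd>.+)$")
NEW_SVC_RE = re.compile(r"^\*Newly Created Service\* - (?P<name>\S+)$")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def classify_autorun(cmd: str) -> Optional[Tuple[str, str]]:
    """Rate a drive autorun command. Returns (severity, reason) or None if unremarkable."""
    # ShellExec_RunDLL passes its argument on to ShellExecute, so that is the real target.
    target = cmd.split("ShellExec_RunDLL", 1)[1] if "ShellExec_RunDLL" in cmd else cmd
    low = target.strip().lower()
    if "wscript" in low or low.endswith(".vbs"):
        return "high", "drive autorun launches a script interpreter"
    if low.startswith("recycled\\") or "\\recycled\\" in low:
        return "high", "drive autorun launches an executable hidden in a Recycled folder"
    if not re.match(r"^[a-z]:\\", low):
        # Relative paths are normal for CD installers, so this is only a review item.
        return "review", "drive autorun uses a relative path (file lives on the drive itself)"
    return None


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, reason, line) for every log line that deserves a closer look."""
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ORPHAN_RE.match(line):
            findings.append(("review", "browser add-on registered but its DLL is gone", line))
            continue
        m = RUN_DUMP_RE.match(line)
        if m:
            if m.group("meta") == "":
                findings.append(("review", "Run entry whose file DSS could not read (missing or hidden)", line))
            continue
        m = MOUNT_CMD_RE.match(line)
        if m:
            rated = classify_autorun(m.group("cmd"))
            if rated:
                findings.append((rated[0], rated[1], line))
            continue
        m = NEW_SVC_RE.match(line)
        if m and HEX_NAME_RE.match(m.group("name")):
            findings.append(("high", "newly created service with a random-looking hex name", line))
    return findings


def count_by_severity(findings: List[Tuple[str, str, str]]) -> dict:
    """Tally findings so a helper can see at a glance how much needs manual review."""
    counts: dict = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, reason, line in results:
        print(f"[{severity}] {reason}\n    {line}")
    print(count_by_severity(results))
```

On the sample above the script raises the two MountPoints2 commands, the Recycled\ctfmon.exe Open handler and both hex-named services as high, and the orphaned BHOs plus the two Run entries without file metadata as review items.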



#2 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team

Posted 07 August 2008 - 10:28 AM

Hello, ahmedh.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team

Posted 10 August 2008 - 05:03 PM

Hello, ahmedh.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)