
Trojan.vundo



#1 Esme


Posted 04 September 2008 - 06:57 PM

My computer runs Windows Vista, and it's a Dell Inspiron 1420 (laptop).

I've been experiencing some problems, such as popups, a very slow computer and errors. I eventually found out I had a trojan.vundo. I used a multitude of various virus removers, none of which did the trick. I got rid of the popups, but the slow computer is still there, along with my virus protection telling me I have viruses. I am also getting a RunDLL error: system32\ddcDsqnn.dll (could not be found)

I found a guide and tutorial for ComboFix, and then was led here to show the log for some help. :thumbsup:

ComboFix 08-09-04.02 - Kara 2008-09-04 19:20:44.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1663 [GMT -4:00]
Running from: C:\Users\Kara\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
---- Previous Run -------
.

.
((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-04 23:09 --------- d-----w C:\Users\Kara\AppData\Roaming\BitTorrent
2008-09-04 20:32 --------- d-----w C:\Program Files\Ragnarok
2008-09-01 04:27 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-01 02:51 --------- d-----w C:\Users\Kara\AppData\Roaming\DNA
2008-09-01 02:22 --------- d-----w C:\Program Files\DNA
2008-08-18 15:31 --------- d-----w C:\Users\Kara\AppData\Roaming\LimeWire
2008-08-08 23:56 --------- d-----w C:\Program Files\Apple Software Update
2008-08-03 23:26 --------- d-----w C:\Program Files\In The Groove 2
2008-07-24 16:11 --------- d-----w C:\ProgramData\Trans Once Mess Frag
2008-03-31 11:44 186 ----a-w C:\Users\Kara\AppData\Roaming\wklnhst.dat
2007-12-31 22:05 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Up two"="C:\ProgramData\JumpHoldHold.0t8684" [X]
"mess frag body that"="C:\ProgramData\Math Rule Bone.2su86cs" [X]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-26 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-26 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-26 129560]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-17 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-12-31 50688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1AD22A6E-CFCC-4CA3-A07E-1B36E5D15193}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A59F0336-58C6-4F8D-B3A7-2D17D77EEC0A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B45A17C9-D46F-400B-A23A-92D6A8E2F909}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7E7F1BDB-9669-4E9B-9416-E5B2F6B3426F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD660820-7D39-48EE-9327-AE3EDFE1F0BD}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{14908C70-EAFF-49A9-B201-07EB5D9CD4A1}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{4B417EFA-A0E4-4BFF-BAF1-ABF0F59961A3}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{A2A19384-E2CE-4182-B6AF-992B12E021FA}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{77440994-7D3E-436E-BBB7-E469366636B4}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D43C9D3B-0B9E-41FE-BB65-88FAC7D1D172}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{0ADFA4FC-C390-4E00-944F-81C7E3CAF836}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{A233A7BB-77AE-4708-9DE6-E7EA876DE138}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{1962B96E-D156-4087-953D-43F82A94734C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{A27B98C6-CE74-4A52-8DBC-B8D7A6E91306}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{F601DAD7-12F9-4164-928E-E74CF58751D8}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{2356185A-0700-4B9B-8C21-6E1F00207E11}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{12D4B603-1D44-44D4-BDB5-512CBFD40541}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{B6117649-4285-4CF8-A734-FC6FF5200E84}C:\\program files\\in the groove 2\\program\\in the groove 2.exe"= UDP:C:\program files\in the groove 2\program\in the groove 2.exe:In The Groove 2
"UDP Query User{6F44D983-3CE4-4C50-8094-549A0D42A8DB}C:\\program files\\in the groove 2\\program\\in the groove 2.exe"= TCP:C:\program files\in the groove 2\program\in the groove 2.exe:In The Groove 2
"{9D2AF649-9716-4AF3-B7D9-24A9D3DBC494}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{9325E983-E7C4-4791-A91C-235440C4DD79}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{BA180141-8891-45E3-90EC-B0665794D891}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{3D181859-55EC-49EB-9C4D-EB922B262597}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 73728]
S3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 235520]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 7424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bdx REG_MULTI_SZ scan
.
- - - - ORPHANS REMOVED - - - -

BHO-{0705D88C-723D-4B8F-A13D-818247D9E777} - C:\Windows\system32\nnNHyvUk.dll
BHO-{c461499a-f3eb-4b84-b6a9-51c549ab7e51} - C:\Windows\system32\hznshb.dll
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-PhotoShow Deluxe Media Manager - C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
HKLM-Run-MSServer - C:\Windows\system32\ddcDsqnn.dll
HKLM-RunOnce-@ - (no file)
ShellExecuteHooks-{A39F3CC6-5D6E-4A86-9295-6BD60D5C3471} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Kara\AppData\Roaming\Mozilla\Firefox\Profiles\lzigk05j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ca
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 19:27:39
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-09-04 19:32:03 - machine was rebooted [Kara]
ComboFix-quarantined-files.txt 2008-09-04 23:31:49

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 147,118,374,912 bytes free

243 --- E O F --- 2008-06-08 21:57:19


 


#2 Esme


Posted 07 September 2008 - 01:02 PM

(I have a Dell Inspiron 1420 Laptop, running Windows Vista)
I've been having some troubles with my computer: it has been extremely slow and I've been getting popups and errors. The error I get now is: RunDLL Error: system32\ddcDsqnn.dll "could not be found"
Yesterday I did all those things listed in the "preparation guide" and I am now here with my HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:06 PM, on 07/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0705D88C-723D-4B8F-A13D-818247D9E777} - C:\Windows\system32\nnNHyvUk.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: {15e7ba94-5c15-9a6b-48b4-be3fa994164c} - {c461499a-f3eb-4b84-b6a9-51c549ab7e51} - C:\Windows\system32\hznshb.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Up two] "C:\ProgramData\JumpHoldHold.0t8684"
O4 - HKLM\..\Run: [mess frag body that] "C:\ProgramData\Math Rule Bone.2su86cs"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ddcDsqnn.dll,#1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9442 bytes

Edited by Orange Blossom, 07 September 2008 - 06:15 PM.
Merged topics. ~ OB


#3 Grinler

Grinler

    Lawrence Abrams



Posted 21 September 2008 - 08:48 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.



