
Worried Bitdefender isn't "Defending"

  • This topic is locked
2 replies to this topic

#1 TheRatchet


  • Members
  • 12 posts
  • Local time:09:32 PM

Posted 03 September 2009 - 08:20 PM

Hi, I have an ASUS K40IN laptop. I've only had it a few months but would like to keep it alive as long as possible.
I installed Bitdefender right from the get-go but it only ever picks up a couple of tracking cookies.
So I downloaded HijackThis but don't understand all the mumbo jumbo.
I also downloaded Malwarebytes' Anti-Malware and did a quick scan, and sure enough found a trojan.....
I've included both logs in my post. Let me know if you see anything suspicious.

Thanks in advance

Malware log:
Malwarebytes' Anti-Malware 1.40
Database version: 2738
Windows 6.0.6001 Service Pack 1

03/09/2009 6:06:24 PM
mbam-log-2009-09-03 (18-06-24).txt

Scan type: Quick Scan
Objects scanned: 82838
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:00 PM, on 03/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.4\ManyCam.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SRS Premium Sound] "C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" /hideme
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

End of file - 8887 bytes

Ran a full scan with Malwarebytes and found more infections.
What can I do to remove these completely?
Malwarebytes' Anti-Malware 1.40
Database version: 2738
Windows 6.0.6001 Service Pack 1

03/09/2009 7:16:54 PM
mbam-log-2009-09-03 (19-16-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 209927
Time elapsed: 45 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> Quarantined and deleted successfully.

Merged posts. ~ OB

Edited by Orange Blossom, 04 September 2009 - 12:10 PM.


#2 thcbytes


  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:11:32 PM

Posted 20 September 2009 - 09:03 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!


#3 teacup61


    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:32 PM

Posted 27 September 2009 - 06:29 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
