Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

calc.dll not a valid image


  • This topic is locked This topic is locked
2 replies to this topic

#1 Karamonz

Karamonz

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:34 PM

Posted 29 November 2009 - 08:33 AM

Been having alot of trouble here lately, being locked out of the internet, Bitdefender being disabled. Heres my hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:35 PM, on 11/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement

Pack\SeaPort\SeaPort.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol

120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Softwin\BitDefender

Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update

Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan

Server\bdss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Marvell\61xx\tray\zRaidTray.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product

Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.plusnetwork.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) -

{00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program

Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper -

{02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: C:\WINDOWS\system32\e3srxx.dll -

{B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - (no file)
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program

Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE

/AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP

Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift

Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32

C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32

C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer]

KHALMNPR.EXE
O4 - HKLM\..\Run: [Microsoft FrameNet 13] c:\kuqjpscl.exe
O4 - HKLM\..\Run: [calc] rundll32.exe

C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\ccdrive32.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program

Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program

Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows

Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME

2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Program

Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin]

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [jsh87r3huiehf89esiudgd]

C:\DOCUME~1\DALLAS~1\LOCALS~1\Temp\kzwrxnn.exe
O4 - HKCU\..\Run: [calc] rundll32.exe

C:\DOCUME~1\DALLAS~1\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P]

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.e

xe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Dallas &

Tajah\reader_s.exe
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program

Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup]

C:\WINDOWS\ccdrive32.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program

Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program

Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MarvellTrayStartup.lnk = C:\Program

Files\Marvell\61xx\tray\RaidTray.bat
O4 - Startup: Product Registration.lnk = C:\Program Files\Common

Files\LogiShared\eReg\SetPoint\eReg.exe
O4 - Startup: scandisk.lnk = ?
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program

Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program

Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program

Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search -

http://edits.mywebsearch.com/toolbaredits/....jhtml?p=GRfox0

00
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Messe...AClient.cab5690

7.cab
O22 - SharedTaskScheduler: jkshf8a3rudbfa873fudfhbdugf87whjdb -

{B45A4B16-23F2-41AD-F4E4-00AAC39C0004} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program

Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner -

C:\Program Files\Common Files\Softwin\BitDefender Scan

Server\bdss.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen)

- B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program

Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) -

SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender

Update Service\livesrv.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown

owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software

Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: My Web Search Service (MyWebSearchService) -

MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket

Division Software - C:\Program Files\Alcohol Soft\Alcohol

120\StarWind\StarWindServiceAE.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom

HOME 2\TomTomHOMEService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. -

C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L -

C:\Program Files\Common Files\Softwin\BitDefender

Communicator\xcommsvr.exe

--
End of file - 10199 bytes


Any help would be greatly appreciated

BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:34 PM

Posted 10 December 2009 - 10:55 AM

Hi,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following logs:
  • OTListIt.txt
  • Extra.txt
Thanks

unite.jpg


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:34 PM

Posted 15 December 2009 - 11:31 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users