Trojans, Rootless Trojan!



#1 dmanley

Posted 18 December 2006 - 01:20 PM

Hello,

Don't know where this started, but I believe it started when I tried to install a few apps that would convert a movie to play on an iPAQ. Never found the source of the problem, but I have removed all those apps since.
BitDefender is only holding back the tide at the moment. Ad-Aware picks up different things every so often; Spybot also picks up different stuff, 888bar being one of them, but I have gone through the process of removing that and been successful, but then after a while Spybot picks it up again.
Blaster-Virus scanner was one of them in the beginning, but I got that out, I believe.

The issues are many:
> Crashes without warning.
> BitDefender finding viruses and trojans but not actually cleaning the system (I had Norton Internet Security but it was not up to the task at all).
> IE will not work as of yesterday.
> Every so often Explorer won't work; when I try to open it, such as with Windows key + E, it just crashes explorer.exe and then restarts without actually giving the GUI of Explorer.
> Slow performance, but that's the least of my worries!

This is the list of files in quarantine at the moment:
Trojan.Renos.FW
Trojan.Agent.ACL
Trojan.Dialer.RO
Trojan.Downloader.Agent.ZZ
Trojan.Juan.A
Trojan.Agent.ACL
Trojan.Dialer.RO
Trojan.Klone.H

Here is my HijackThis log; hopefully someone will be able to help!

Happy Christmas!

Derry


Logfile of HijackThis v1.99.1
Scan saved at 17:55:21, on 18/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Utilities\LogMeIn\RaMaint.exe
D:\Program Files\Utilities\LogMeIn\LogMeIn.exe
D:\Program Files\Utilities\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Security\BitDefender8\bdoesrv.exe
D:\program files\security\bitdefender8\bdnagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Utilities\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\PROGRA~1\UTILIT~1\MICROS~1\rapimgr.exe
D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Distillr\acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
E:\01\Temp\01\muBlinder.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Program Files\Web\Browser\Opera\Opera.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Security\BitDefender8\vsserv.exe
d:\program files\security\bitdefender8\bdmcon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Utilities\Explorer\FolderSizes\FolderSizes.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MADQ
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\Utilities\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BDOESRV] "D:\Program Files\Security\BitDefender8\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "d:\program files\security\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Security\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\mcaishrp.dll",setvm
O4 - HKCU\..\Run: [PcSync] D:\Program Files\Utilities\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Utilities\Nero\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [IMTray] "D:\Program Files\Utilities\InterMapper\IMTray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Utilities\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to muBlinder.exe.lnk = E:\01\Temp\01\muBlinder.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office\MS\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用脱兔下载 - C:\Documents and Settings\DManley\update\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Documents and Settings\DManley\update\TT_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\UTILIT~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\UTILIT~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\UTILIT~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office\MS\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 脱兔下载 - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Documents and Settings\DManley\update\TuoTu.exe (file missing)
O9 - Extra 'Tools' menuitem: &TuoTu - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Documents and Settings\DManley\update\TuoTu.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132948949458
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150231350391
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\Utilities\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\Utilities\LogMeIn\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Security\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


#2 MFDnSC (Ret. Director I/T)

Posted 18 December 2006 - 01:30 PM

Empty the quarantine

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for Free / Download the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 dmanley (Topic Starter)

Posted 19 December 2006 - 12:19 PM

Here is Spy Sweeper:

trojan agent winlogonhook
virtumonde
vs toolbar
trojan-downloader-zlob virusburst
prosearch.com hijack
mediaplex cookie
tacoda cookie
webtrends cookie
reliablestats cookie
yieldmanager cookie
touchclarity cookie
about cookie
overture cookie
2o7.net cookie

Could not actually get a copy of the report, so this is what is quarantined. (Do you know how I can get access to a Spy Sweeper report?)

Here is HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:07:08, on 19/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Utilities\LogMeIn\RaMaint.exe
D:\Program Files\Utilities\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Utilities\LogMeIn\LogMeInSystray.exe
D:\Program Files\Security\BitDefender8\bdoesrv.exe
D:\program files\security\bitdefender8\bdnagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\Utilities\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\UTILIT~1\MICROS~1\rapimgr.exe
D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Distillr\acrotray.exe
E:\01\Temp\01\muBlinder.exe
C:\Program Files\Spy Sweeper\SSU.EXE
D:\Program Files\Web\Browser\Opera\Opera.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Security\BitDefender8\vsserv.exe
d:\program files\security\bitdefender8\bdmcon.exe
D:\Program Files\Office\MS\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MADQ
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: TuoTuHelper.LDown - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\hbllndcr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\Utilities\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [BDOESRV] "D:\Program Files\Security\BitDefender8\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "d:\program files\security\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Security\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\system32\mcaishrp.dll",setvm
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [PcSync] "D:\Program" Files\Utilities\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Utilities\Nero\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [IMTray] "D:\Program Files\Utilities\InterMapper\IMTray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Utilities\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to muBlinder.exe.lnk = E:\01\Temp\01\muBlinder.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office\MS\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用脱兔下载 - C:\Documents and Settings\DManley\update\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Documents and Settings\DManley\update\TT_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\UTILIT~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\UTILIT~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\UTILIT~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office\MS\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 脱兔下载 - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Documents and Settings\DManley\update\TuoTu.exe (file missing)
O9 - Extra 'Tools' menuitem: &TuoTu - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Documents and Settings\DManley\update\TuoTu.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132948949458
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150231350391
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: winafd32 - winafd32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\Utilities\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\Utilities\LogMeIn\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Security\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)





P.S. Thank you for your fast reply; sorry for my slow reply.
Spy Sweeper was tricky to update. It kept telling me it was updated, but then saying it wasn't.
Also, when you've no Explorer it can be difficult. Thank God for AB Commander and Opera!!!

I'm off on holidays for Christmas for a week, so I will not be able to reply until then. But at the moment Spy Sweeper has done a great temporary job!!!

Thanks again for your fast reply.


Happy Christmas!
Regards,
Derry Manley

P.P.S. Your information on setting up Spy Sweeper is a little different to what is actually required. You need to create a custom sweep; if you wish, I'll lay out the steps as I found them when I return.

Edited by dmanley, 19 December 2006 - 12:21 PM.


#4 MFDnSC (Ret. Director I/T)

Posted 19 December 2006 - 01:37 PM

Please do tell me what to change, as I cannot DL it post-trial.

Fix these with HijackThis: mark them, close IE, click Fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

O2 - BHO: TuoTuHelper.LDown - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - (no file)

O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\hbllndcr.dll (file missing)

O8 - Extra context menu item: 使用脱兔下载 - C:\Documents and Settings\DManley\update\TT_one.htm

O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Documents and Settings\DManley\update\TT_all.htm

O9 - Extra button: 脱兔下载 - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Documents and Settings\DManley\update\TuoTu.exe (file missing)

O9 - Extra 'Tools' menuitem: &TuoTu - {D5C1CCC2-811B-4bf2-BF22-0D3B89600F5B} - C:\Documents and Settings\DManley\update\TuoTu.exe (file missing)

O20 - Winlogon Notify: winafd32 - winafd32.dll (file missing)

Start > Run, type in %temp% - OK - Edit > Select All, File > Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn't work and the current status of your system.
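An added example, not from the thread and not part of HijackThis itself: a small Python script that applies the triage rules the helper used in post #4 to a constructed excerpt of the logs above (a hand-picked subset of lines, not a full log). It flags IE search values reset to about:blank, Start Page / Start Page_bak hosts other than google.com (an assumption: that google.com is the user's own choice of start page), a Local Page that is not the stock system32\blank.htm, and any O2/O9/O20 entry whose file is missing, and it reports AppInit_DLLs and Winlogon Notify entries for review because both load a DLL into processes you did not start. O23 services that HijackThis 1.99.1 reports as missing while the path carries a stray quote, like the BitDefender ones in every log above, come out as "verify" rather than "fix": that version commonly mis-parses a quoted ImagePath followed by arguments, so confirm the file on disk before touching the service. Severity names and the rule set are this example's own.

```python
import re

# Constructed sample in the shape of the HijackThis 1.99.1 logs posted in this thread.
# It is a hand-picked subset of entries that appear above, not a complete log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: TuoTuHelper.LDown - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - (no file)
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\hbllndcr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: winafd32 - winafd32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - AppInit_DLLs: sockspy.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Security\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\Utilities\LogMeIn\LogMeIn.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d+) - (.*)$")
IE_MAIN_RE = re.compile(r"^(HKCU|HKLM)\\Software\\Microsoft\\Internet Explorer\\Main,(.+?) = (.*)$")

# IE search-related values that the helper in this thread reset when they read about:blank.
SEARCH_VALUES = {"Default_Search_URL", "Search Bar", "Search Page", "SearchURL", "Start Page_bak"}
# Assumption: the user chose google.com as start page, so it is the only host not reported.
TRUSTED_START_HOSTS = {"google.com", "www.google.com"}


def host_of(value):
    """Strip scheme and path from a URL-ish registry value: 'http://a.b/c' -> 'a.b'."""
    value = re.sub(r"^[a-z]+://", "", value.strip(), flags=re.IGNORECASE)
    return value.split("/", 1)[0].lower()


def classify(line):
    """Return (severity, reason) for one HijackThis entry, or None if there is nothing to say.

    'fix'    = tick it in HijackThis and click Fix checked
    'verify' = likely a parser false positive; confirm on disk first
    'review' = legitimate loading mechanism that deserves a look regardless
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()

    if section.startswith("R"):
        im = IE_MAIN_RE.match(body)
        if not im:
            return None
        _hive, name, value = im.groups()
        if name in SEARCH_VALUES and value == "about:blank":
            return ("fix", f"{name} points at about:blank (search hijack residue)")
        if name == "Local Page" and not value.lower().endswith(r"\system32\blank.htm"):
            return ("fix", f"Local Page is '{value}', not the stock system32\\blank.htm")
        if name in ("Start Page", "Start Page_bak") and host_of(value) not in TRUSTED_START_HOSTS:
            return ("fix", f"{name} redirected to {host_of(value)}")
        return None

    orphaned = body.endswith("(file missing)") or body.endswith("(no file)")
    if section == "O23" and orphaned and '"' in body:
        # HJT 1.99.1 shows quoted ImagePaths with arguments as missing; usually a parsing artefact.
        return ("verify", "service reported missing but path carries a stray quote; check the file on disk")
    if orphaned:
        return ("fix", f"{section} entry whose file no longer exists; the registration is dead weight")
    if body.startswith("AppInit_DLLs:"):
        return ("review", "AppInit_DLLs loads every listed DLL into each process that loads user32.dll")
    if body.startswith("Winlogon Notify:"):
        return ("review", "Winlogon Notify DLL runs inside winlogon.exe at logon")
    return None


def triage(log_text):
    """Run classify over every line and return the findings, in log order."""
    findings = []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            severity, reason = hit
            findings.append({"line": line.strip(), "severity": severity, "reason": reason})
    return findings


def fix_list(findings):
    """The entries you would tick in HijackThis before clicking Fix checked."""
    return [f["line"] for f in findings if f["severity"] == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['line']}\n         {f['reason']}")
```

Run it on a saved log with `triage(open("hijackthis.log").read())`; the "fix" lines are the ones to mark, and anything "review" or "verify" still needs a human to look at the file before it is touched.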

#5 dmanley (Topic Starter)

Posted 28 December 2006 - 08:07 PM

This is the HijackThis log after all the work was done!


Logfile of HijackThis v1.99.1
Scan saved at 00:46:13, on 29/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Utilities\LogMeIn\RaMaint.exe
D:\Program Files\Utilities\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Security\BitDefender8\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Utilities\LogMeIn\LogMeInSystray.exe
D:\Program Files\Security\BitDefender8\bdoesrv.exe
D:\Program Files\Security\BitDefender8\bdnagent.exe
D:\Program Files\Security\BitDefender8\bdmcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Spy Sweeper\SpySweeperUI.exe
D:\Program Files\Utilities\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\UTILIT~1\MICROS~1\rapimgr.exe
D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Distillr\acrotray.exe
E:\01\Temp\01\muBlinder.exe
C:\Program Files\Spy Sweeper\SSU.EXE
D:\Program Files\Web\Browser\Opera\Opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by MADQ
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\Utilities\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [BDOESRV] "D:\Program Files\Security\BitDefender8\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "D:\Program Files\Security\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Security\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DllRunning] "rundll32.exe" "C:\WINDOWS\system32\mcaishrp.dll",setvm
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [PcSync] "D:\Program" Files\Utilities\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [NBJ] "D:\Program Files\Utilities\Nero\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [IMTray] "D:\Program Files\Utilities\InterMapper\IMTray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Utilities\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to muBlinder.exe.lnk = E:\01\Temp\01\muBlinder.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Adobe Acrobat 6p0 Pro\Distillr\acrotray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\Office\MS\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\UTILIT~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\UTILIT~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\UTILIT~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Office\MS\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132948949458
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150231350391
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - AppInit_DLLs: sockspy.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - D:\Program Files\Utilities\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - D:\Program Files\Utilities\LogMeIn\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Security\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)





This is the process for performing a scan with spysweeper Ver 5.2.3.2138:

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for FreeDownload the trial link. (Download Antivirus if required)
* Install it. During the install it will prompt for updates, these can be gotten now or later
* Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, if not already done so, before proceeding check to ensure that you are up to date (Click Home > Bottom middle of page will tell you) .
* Once the definitions are installed, click Options on the left side.
* Click the Options tab on the left hand side.
* Choose Custom Sweep (Radio Button)
* Choose Change Settings (Link)
* Where to Sweep
> Select My Computer
* What to Sweep
> Select all options available (enable Virus scan if available)
* Skip File Types
> Do not skip any file types
* Advanced Options
> Select all options available


* Click Sweep on the left side.
* Click the Black arrow next to start full sweep
* Select Start Custom Sweep
* When it's done scanning, copy Items Found into Notepad
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click the Summary tab and click Finish.
* Compare the contents of the notepad to the report
* Place the contents of the notepad into your next reply identifying any items not removed.

If Spy Sweeper Suggests rebooting and scanning again repeat process and copy that information into your next reply as well.



Edit it as you wish!
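As an added example (not code from this thread, from HijackThis or from Webroot), a small Python parser that reads log lines in the format of the HijackThis log above and flags the kinds of entries a helper usually looks at first: autoruns launched from a Temp folder, AppInit_DLLs entries, and services whose binary is reported missing. The sample lines and the review heuristics are this example's own assumptions, not HijackThis rules.

```python
"""Parse HijackThis-style log lines and flag entries worth a second look.

Added example, not part of the original thread or of HijackThis itself;
the heuristics (temp-folder autoruns, missing service binaries, AppInit
DLLs) are this example's own assumptions, not HijackThis rules.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: a few lines in the same format as the log in the thread.
SAMPLE_LOG = """\
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - Startup: Shortcut to muBlinder.exe.lnk = E:\\01\\Temp\\01\\muBlinder.exe
O20 - AppInit_DLLs: sockspy.dll C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\\Program Files\\Common Files\\Softwin\\bdss.exe" /service (file missing)
"""

# Every HijackThis entry starts with a section code (O4, O20, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")


def parse_entries(text: str) -> List[Dict[str, str]]:
    """Split a log into {'section': 'O23', 'body': '...'} records; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def flag_entry(entry: Dict[str, str]) -> Optional[str]:
    """Return a short reason to review this entry, or None if nothing stands out."""
    sec, low = entry["section"], entry["body"].lower()
    if "(file missing)" in low:
        return "referenced file no longer exists (orphaned entry from a removed or broken component)"
    if sec == "O20" and "appinit_dlls" in low:
        return "AppInit_DLLs are loaded into every GUI process; verify each DLL's publisher"
    if sec == "O4" and re.search(r"\\temp\\", low):
        return "autorun launched from a Temp folder; legitimate software rarely does this"
    if sec == "O23" and "unknown owner" in low:
        return "service with no publisher information"
    return None


def review(text: str) -> List[Dict[str, str]]:
    """Parse a log and return only the flagged entries, each with its reason attached."""
    return [dict(e, reason=r) for e in parse_entries(text) if (r := flag_entry(e))]


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f['section']}: {f['reason']}\n    {f['body']}")
```

A flag is only a reason to look closer: the missing BitDefender service binaries in the thread's log, for instance, are leftovers of an uninstalled product rather than malware.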

#6 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:06:22 PM

Posted 28 December 2006 - 08:30 PM

Thanks for the script!!!!!!!!!!!!!

How are things now?????????????
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 dmanley

dmanley
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:22 PM

Posted 02 January 2007 - 05:50 AM

Everything seems fine!!!

Thank you,
Happy New year!!!

#8 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:06:22 PM

Posted 02 January 2007 - 10:11 AM

Clean

Turn off restore points, boot, turn them back on, here's how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



