
buldog



#1 TJO


Posted 01 January 2005 - 07:06 AM

Hello,

Yesterday it started ... since then http://www.buldog-search.com/ has infected my regedit file and I can't get it out ... I've tried to remove it with HijackThis, by deleting it from my regedit file but it still keeps coming back ...


This is my logfile from Hijackthis ... can anyone help me ???

Logfile of HijackThis v1.99.0
Scan saved at 12:53:55, on 1-1-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Common Files\Symantec Shared\ccApp.exe
I:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
I:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
I:\WINDOWS\System32\CTHELPER.EXE
I:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
I:\WINDOWS\System32\Drivers\SAP\FD.exe
I:\WINDOWS\System32\CTsvcCDA.exe
I:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
I:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
I:\WINDOWS\System32\ctfmon.exe
I:\WINDOWS\System32\RUNDLL32.EXE
I:\Program Files\Spyware Doctor\spydoctor.exe
I:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
I:\Program Files\Shareaza\Shareaza.exe
I:\Program Files\E-Color\Common\IconMgr.exe
i:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
I:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
I:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\System32\MsPMSPSv.exe
I:\WINDOWS\system32\ZoneLabs\minilog.exe
I:\Program Files\Plextor\PlexIcon.exe
I:\WINDOWS\System32\wuauclt.exe
I:\Antispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - I:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - I:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - I:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - I:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - I:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Wanadoo - {10CA15EA-C0A5-7CAF-B9E9-B8B2A87EFE11} - I:\PROGRA~1\Wanadoo\GLOBAL\Mstbr\mstbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "I:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "I:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] I:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] I:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "I:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] I:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [FD_SAP] I:\WINDOWS\System32\Drivers\SAP\FD.exe
O4 - HKLM\..\Run: [AnyDVD] I:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Doctor] "I:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Shareaza] "I:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: E-Color.lnk = I:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Easy-PrintToolBox.lnk = I:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = I:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = I:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O4 - Global Startup: PlexTools Professional.lnk = I:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: ZoneAlarm.lnk = I:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - I:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - I:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: TrueVector Basic Logging Client - Zone Labs Inc. - I:\WINDOWS\system32\ZoneLabs\minilog.exe
O23 - Service: Norton AntiVirus Auto-Protect - Symantec Corporation - I:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Configuration Service - AT&T - I:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation - I:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - I:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - I:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - I:\WINDOWS\system32\ZoneLabs\vsmon.exe



#2 Grinler

    Lawrence Abrams



Posted 01 January 2005 - 07:07 PM

Fix these lines in HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O4 - HKCU\..\Run: [Shareaza] "I:\Program Files\Shareaza\Shareaza.exe" -tray


Reboot and post a new log
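
An added example, not part of the thread and not HijackThis code: a small Python parser for the log format shown above. It pulls out the R0/R1 Internet Explorer entries that point at buldog-search.com, lists the O4 registry Run values for review, and checks a follow-up log for fixed lines that have come back. The follow-up log and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Excerpt of the log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
I:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [Shareaza] "I:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
"""
# Constructed follow-up log (not from the thread): the Start Page entry is back.
SAMPLE_AFTER = r"""Logfile of HijackThis v1.99.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")               # "R0 - ...", "O23 - ..."
IE_SETTING = re.compile(r"^(HK[A-Z]+)\\(.+),(.+?) = (.*)$")  # hive\key,value = data
RUN_ENTRY = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")

def parse(log):
    """Yield (code, body) per result line; header and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def ie_redirects(log, domain):
    """R0/R1 lines (IE start/search page) whose URL host is domain or a subdomain."""
    hits = []
    for code, body in parse(log):
        m = IE_SETTING.match(body) if code in ("R0", "R1") else None
        host = (urlparse(m.group(4)).hostname or "").lower() if m else ""
        if host == domain or host.endswith("." + domain):
            hits.append(f"{code} - {body}")
    return hits

def run_entries(log):
    """O4 registry Run values as (hive, key, name, command), for manual review."""
    found = (RUN_ENTRY.match(b) for c, b in parse(log) if c == "O4")
    return [m.groups() for m in found if m]

def returned_after_fix(fixed_lines, new_log):
    """Lines that were fixed but show up again in the log taken after the reboot."""
    present = {f"{c} - {b}" for c, b in parse(new_log)}
    return [line for line in fixed_lines if line in present]
```

Calling `returned_after_fix(ie_redirects(SAMPLE_LOG, "buldog-search.com"), SAMPLE_AFTER)` returns only the Start Page line, the one that reappears in the constructed follow-up log.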



