Terrible Virus

Paullee123
edited December 2008 in Logs analysis

My computer has clearly been infected since late November. Since then, I can't use my computer to access the BitDefender website, the Microsoft website, or even other anti-virus vendors' websites; I also can't update my BitDefender. My computer has also encountered some errors involving svchost.exe.


My friend sent me other anti-virus programs, but I still couldn't solve those problems.


And then I accidentally uninstalled my BitDefender; since my computer couldn't access the BitDefender website, I couldn't reinstall it.


Now I have to borrow my friend's computer to visit forum.bitdefender.com.


How can I solve these problems? Thank you.


Here is the HijackThis log of my computer (before uninstalling BitDefender):


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 10:30:55, on 30/11/2008


Platform: Windows XP SP3 (WinNT 5.01.2600)


MSIE: Internet Explorer v7.00 (7.00.6000.16735)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\spoolsv.exe


C:\WINDOWS\Explorer.EXE


C:\WINDOWS\ehome\ehtray.exe


C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe


C:\WINDOWS\system32\hkcmd.exe


C:\WINDOWS\system32\igfxpers.exe


C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


C:\Program Files\Common Files\Real\Update_OB\realsched.exe


C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe


C:\Program Files\D4\D4.exe


C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe


C:\Program Files\GridService\peer.exe


C:\Program Files\QuickTime\qttask.exe


C:\Program Files\iTunes\iTunesHelper.exe


C:\PROGRA~1\AVG\AVG8\avgtray.exe


C:\Program Files\360Safebox\safeboxTray.exe


C:\WINDOWS\system32\ctfmon.exe


C:\Program Files\Windows Media Player\WMPNSCFG.exe


C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe


C:\Program Files\Bonjour\mDNSResponder.exe


C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


C:\WINDOWS\eHome\ehRecvr.exe


C:\WINDOWS\eHome\ehSched.exe


C:\WINDOWS\System32\svchost.exe


C:\Program Files\Common Files\LightScribe\LSSrvc.exe


C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


C:\PROGRA~1\AVG\AVG8\avgrsx.exe


C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe


C:\Program Files\Nakido\nakido.exe


C:\WINDOWS\system32\HPZipm12.exe


C:\Program Files\CyberLink\Shared Files\RichVideo.exe


C:\WINDOWS\system32\svchost.exe


C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


C:\PROGRA~1\AVG\AVG8\avgemc.exe


C:\WINDOWS\system32\mqsvc.exe


C:\WINDOWS\system32\mqtgsvc.exe


C:\Program Files\iPod\bin\iPodService.exe


C:\WINDOWS\system32\dllhost.exe


C:\WINDOWS\eHome\ehmsas.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\Program Files\360safe\360Safe.exe


C:\Program Files\360safe\safemon\360Tray.exe


C:\Downloads\360compkill\SuperKiller.exe


C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe


C:\Program Files\Mozilla Firefox\firefox.exe


C:\Download (2008)\HiJackThis_PConline\HijackThis.exe


O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll


O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll


O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll


O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll


O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL


O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll


O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll


O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe


O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32


O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC


O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"


O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe


O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe


O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe


O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe


O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe


O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe


O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync


O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync


O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe


O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler


O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot


O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


O4 - HKLM\..\Run: [miniqqlive] "C:\Program Files\Tencent\QQLive\MiniQQLive.exe"


O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"


O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"


O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe


O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"


O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"


O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


O4 - HKLM\..\Run: [advap32] C:\WINDOWS\system32\wpv8266.cpx/r


O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe


O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1


O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray


O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe


O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe


O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')


O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')


O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')


O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe


O4 - Global Startup: UCLA Cisco VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe


O8 - Extra context menu item: &Use NamiRobot to download and save - C:\Program Files\NamiRobot\Data\du.html


O8 - Extra context menu item: Clip To ComicGURU - C:\Program Files\Raysolutions\ComicGURU\ComicGURU_IEClip.htm


O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm


O8 - Extra context menu item: Foxy (label garbled) - res://C:\Program Files\Foxy\Foxy.exe/download.htm


O8 - Extra context menu item: Foxy (label garbled) - res://C:\Program Files\Foxy\Foxy.exe/search.htm


O8 - Extra context menu item: Foxy (label garbled) - res://C:\Program Files\Foxy\Foxy.exe/download.htm


O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm


O8 - Extra context menu item: Export to Microsoft Office Excel (&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


O8 - Extra context menu item: Download with Thunder - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm


O8 - Extra context menu item: 妏蚚捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


O9 - Extra button: Run Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe


O9 - Extra 'Tools' menuitem: Run Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe


O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ZH_HK&c=64&bd=presario&pf=laptop


O15 - Trusted Zone: http://*.adultlife.cn


O15 - Trusted Zone: http://*.ldtv.net


O15 - ESC Trusted Zone: http://*.update.microsoft.com


O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab


O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab


O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab


O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab


O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab


O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx


O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab


O16 - DPF: {D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41} (EBookCtl Class) - http://haishin.ebookjapan.jp/contents/appl...er/eBookCtl.cab


O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx


O16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} - http://www.17bobo.com/Software/BoBo_ActiveX_V3.ocx


O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll


O18 - Filter hijack: text/html - {f5835466-522a-4160-8ff4-e65dd52c7b93} - C:\WINDOWS\system32\msiebbar.dll


O20 - Winlogon Notify: sbrige - sbrige.dll (file missing)


O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe


O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe


O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe


O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe


O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe


O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


O23 - Service: DHCP Client Dhcpscan (Dhcpscan) - Unknown owner - C:\WINDOWS\system32\wpv9460.cpx.exe (file missing)


O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe


O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)


O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe


O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


--


End of file - 14764 bytes

Comments

  • I analyzed your HijackThis log and found several things that need to be fixed.


    Please rescan with HijackThis and check the checkboxes next to these entries:


    C:\Program Files\360safe\360Safe.exe


    O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe


    and then press Fix.

  • Thank you very much!


    I followed your instructions and fixed these two things, but my computer's problems still haven't been solved....


    Here is the new HijackThis log of my computer (after I fixed those two things):


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 22:46:51, on 10/12/2008


    Platform: Windows XP SP3 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16735)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\Explorer.EXE


    C:\WINDOWS\ehome\ehtray.exe


    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe


    C:\WINDOWS\system32\hkcmd.exe


    C:\WINDOWS\system32\igfxpers.exe


    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


    C:\Program Files\Common Files\Real\Update_OB\realsched.exe


    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe


    C:\Program Files\D4\D4.exe


    C:\Program Files\GridService\peer.exe


    C:\Program Files\QuickTime\qttask.exe


    C:\Program Files\iTunes\iTunesHelper.exe


    C:\Program Files\BeatTrojan2008\BeatTrojanMon.exe


    C:\Program Files\ClamWin\bin\ClamTray.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Windows Media Player\WMPNSCFG.exe


    C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe


    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\Program Files\Bonjour\mDNSResponder.exe


    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


    C:\WINDOWS\eHome\ehRecvr.exe


    C:\WINDOWS\eHome\ehSched.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Common Files\LightScribe\LSSrvc.exe


    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


    C:\Program Files\Nakido\nakido.exe


    C:\WINDOWS\system32\HPZipm12.exe


    C:\Program Files\CyberLink\Shared Files\RichVideo.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\BeatTrojan2008\BeatTrojanShields.exe


    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    C:\WINDOWS\system32\mqsvc.exe


    C:\WINDOWS\system32\mqtgsvc.exe


    C:\Program Files\iPod\bin\iPodService.exe


    C:\WINDOWS\system32\dllhost.exe


    C:\WINDOWS\eHome\ehmsas.exe


    C:\Program Files\Messenger\msmsgs.exe


    C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Internet Explorer\iexplore.exe


    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe


    C:\Program Files\Outlook Express\msimn.exe


    C:\WINDOWS\system32\wuauclt.exe


    C:\Download (2008)\HiJackThis_PConline\HijackThis.exe


    O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll


    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll


    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)


    O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll


    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL


    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll


    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)


    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe


    O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32


    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC


    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"


    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe


    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe


    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe


    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe


    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe


    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe


    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync


    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync


    O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe


    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


    O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler


    O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot


    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


    O4 - HKLM\..\Run: [miniqqlive] "C:\Program Files\Tencent\QQLive\MiniQQLive.exe"


    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"


    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"


    O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe


    O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


    O4 - HKLM\..\Run: [advap32] C:\WINDOWS\system32\wpv8266.cpx/r


    O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r


    O4 - HKLM\..\Run: [beatTrojan] C:\Program Files\BeatTrojan2008\BeatTrojanMon.exe


    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon


    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1


    O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray


    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe


    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')


    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')


    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')


    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


    O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')


    O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')


    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe


    O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe


    O4 - Global Startup: UCLA Cisco VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe


    O8 - Extra context menu item: &Use NamiRobot to download and save - C:\Program Files\NamiRobot\Data\du.html


    O8 - Extra context menu item: Clip To ComicGURU - C:\Program Files\Raysolutions\ComicGURU\ComicGURU_IEClip.htm


    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm


    O8 - Extra context menu item: Foxy (label garbled) - res://C:\Program Files\Foxy\Foxy.exe/download.htm


    O8 - Extra context menu item: Foxy (label garbled) - res://C:\Program Files\Foxy\Foxy.exe/search.htm


    O8 - Extra context menu item: Foxy (label garbled) - res://C:\Program Files\Foxy\Foxy.exe/download.htm


    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm


    O8 - Extra context menu item: Export to Microsoft Office Excel (&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


    O8 - Extra context menu item: Download with Thunder - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm


    O8 - Extra context menu item: Download all links with Thunder - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O9 - Extra button: Run Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe


    O9 - Extra 'Tools' menuitem: Run Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe


    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe


    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ZH_HK&c=64&bd=presario&pf=laptop


    O15 - Trusted Zone: http://*.adultlife.cn


    O15 - Trusted Zone: http://*.ldtv.net


    O15 - ESC Trusted Zone: http://*.update.microsoft.com


    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab


    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab


    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab


    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab


    O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab


    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx


    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab


    O16 - DPF: {D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41} (EBookCtl Class) - http://haishin.ebookjapan.jp/contents/appl...er/eBookCtl.cab


    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx


    O16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} - http://www.17bobo.com/Software/BoBo_ActiveX_V3.ocx


    O18 - Filter hijack: text/html - {f5835466-522a-4160-8ff4-e65dd52c7b93} - C:\WINDOWS\system32\msiebbar.dll


    O20 - Winlogon Notify: sbrige - sbrige.dll (file missing)


    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe


    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe


    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


    O23 - Service: DHCP Client Dhcpscan (Dhcpscan) - Unknown owner - C:\WINDOWS\system32\wpv9460.cpx.exe (file missing)


    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


    O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (file missing)


    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE


    O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe


    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)


    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe


    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe (file missing)


    O23 - Service: Trojan Removal Master Real-time Monitor - Unknown owner - C:\Program Files\BeatTrojan2008\BeatTrojanSvc.exe


    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe


    --


    End of file - 14202 bytes

  • rootkit
    edited December 2008

    Check these in HijackThis and press Fix checked:



    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)


    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)


    O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid


    O4 - HKLM\..\Run: [advap32] C:\WINDOWS\system32\wpv8266.cpx/r


    O4 - HKLM\..\Run: [360Safebox] "C:\Program Files\360Safebox\safeboxTray.exe" /r


    O4 - HKLM\..\Run: [beatTrojan] C:\Program Files\BeatTrojan2008\BeatTrojanMon.exe


    O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray


    O8 - Extra context menu item: &Use NamiRobot to download and save - C:\Program Files\NamiRobot\Data\du.html


    O8 - Extra context menu item: Clip To ComicGURU - C:\Program Files\Raysolutions\ComicGURU\ComicGURU_IEClip.htm


    O9 - Extra button: Run Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe


    O9 - Extra 'Tools' menuitem: Run Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe


    O15 - Trusted Zone: http://*.adultlife.cn


    O15 - Trusted Zone: http://*.ldtv.net


    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab


    O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab


    O16 - DPF: {D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41} (EBookCtl Class) - http://haishin.ebookjapan.jp/contents/appl...er/eBookCtl.cab


    O16 - DPF: {EC0978ED-24E3-403C-AB7A-060E388553E6} - http://www.17bobo.com/Software/BoBo_ActiveX_V3.ocx


    O18 - Filter hijack: text/html - {f5835466-522a-4160-8ff4-e65dd52c7b93} - C:\WINDOWS\system32\msiebbar.dll


    O20 - Winlogon Notify: sbrige - sbrige.dll (file missing)


    O23 - Service: DHCP Client Dhcpscan (Dhcpscan) - Unknown owner - C:\WINDOWS\system32\wpv9460.cpx.exe (file missing)


    O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe


    O23 - Service: Trojan Removal Master Real-time Monitor - Unknown owner - C:\Program Files\BeatTrojan2008\BeatTrojanSvc.exe


    Download ComboFix from http://subs.geekstogo.com/ComboFix.exe and save it to your Desktop.


    Open Notepad and copy/paste the text in the quote box below into it:


    File::


    C:\Program Files\BeatTrojan2008\BeatTrojanMon.exe


    C:\Program Files\BeatTrojan2008\BeatTrojanShields.exe


    C:\WINDOWS\system32\wpv8266.cpx


    C:\Program Files\360Safebox\safeboxTray.exe


    C:\Program Files\BeatTrojan2008\BeatTrojanMon.exe


    C:\Program Files\Foxy\Foxy.exe


    C:\Program Files\Thunder Network\Thunder\Thunder.exe


    C:\WINDOWS\system32\msiebbar.dll


    C:\WINDOWS\system32\wpv9460.cpx.exe


    C:\Program Files\Nakido\nakido.exe


    C:\Program Files\BeatTrojan2008\BeatTrojanSvc.exe


    Save this as:


    CFScript.txt


    Drag CFScript.txt into ComboFix.exe




    Then post the resulting log here.


    Download Malwarebytes' Anti-malware from here:


    http://www.malwarebytes.org/mbam/program/mbam-setup.exe


    Once the download is complete, run the install program and accept all of the default options. Make sure that the options to Update and Launch the software are checked when you click Finish.


    Now, let's make sure that it has all of the latest anti-spyware definitions: click on the Update tab and click the Check for Updates button.




    After the updates have been loaded, click on the Scanner tab and choose the Perform Complete Scan option, then click the Scan button.




    When the scan is complete, it will show you all of the potentially harmful files on your computer; click the button to remove them automatically.


    Paste the scan log here. :)
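The entries rootkit singled out above share a few structural tells that can be screened for mechanically before a human reads the rest of the log. The script below is an added example, not code from this thread or from Trend Micro's HijackThis; it parses the O-lines of a v2.0.x log and flags randomly named binaries in an autostart, a non-executable extension in a Run key (the wpv8266.cpx entry), a service with no vendor whose binary is gone, the text/html filter hook, the Winlogon Notify DLL, orphaned entries, and non-Microsoft hosts in IE's Trusted Zone. The sample lines are copied from the logs above; the trusted-host allowlist, the known-bad set (built only from names named in this thread) and the random-name pattern are my assumptions, not HijackThis features. It is a screening aid: brastk.exe is caught purely because the thread named it, and an entry this script passes is not thereby clean.

```python
"""Heuristic first-pass triage of a HijackThis v2.0.x log (added example)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Finding:
    section: str  # HijackThis section tag, e.g. "O4" or "O23"
    reason: str   # which heuristic fired
    line: str     # the offending log line, verbatim


# Autostart entries normally point at one of these.
EXPECTED_EXT = {".exe", ".dll", ".cpl", ".scr", ".cmd", ".bat"}

# Trusted Zone hosts that belong on a stock Windows XP install (assumption).
TRUSTED_ALLOWLIST = ("microsoft.com", "windowsupdate.com")

# File names the helpers in this thread told the poster to remove.
KNOWN_BAD = {"brastk.exe", "wpv8266.cpx", "wpv9460.cpx.exe",
             "msiebbar.dll", "sbrige.dll"}

# 2-5 letters followed by 3-6 digits, the shape of the wpv8266 / wpv9460
# droppers above; legitimate system binaries rarely look like this.
RANDOM_NAME = re.compile(r"\\([a-z]{2,5}\d{3,6})\.", re.IGNORECASE)

# A drive-letter path up to its extension; stops before a glued switch
# such as ".cpx/r", a closing quote, or whitespace.
PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.[A-Za-z0-9]{2,4}(?=\s|$|/|")')


def first_path(line: str) -> str:
    m = PATH_RE.search(line)
    return m.group(0) if m else ""


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def extension(path: str) -> str:
    name = basename(path)
    return name[name.rfind("."):] if "." in name else ""


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious log line, or None."""
    line = line.strip()
    m = re.match(r"(O\d+) - ", line)
    if not m:
        return None  # header, process list or blank line
    sec, low = m.group(1), line.lower()
    path = first_path(line)
    name = basename(path)

    if sec == "O18" and "filter hijack" in low:
        return Finding(sec, "text/html MIME filter replaced; it sees and can rewrite every page IE loads", line)
    if sec == "O20":
        return Finding(sec, "Winlogon Notify DLL; loaded at every logon and rarely legitimate", line)
    if sec == "O15":
        host = low.split("://", 1)[-1].lstrip("*.")
        if host.endswith(TRUSTED_ALLOWLIST):
            return None
        return Finding(sec, "non-Microsoft host in IE Trusted Zone", line)
    if sec == "O23" and "unknown owner" in low and "file missing" in low:
        return Finding(sec, "service with no vendor and a missing binary", line)
    if "(file missing)" in low or "(no file)" in low:
        return Finding(sec, "orphaned entry; binary is gone, clean up the reference", line)
    if name in KNOWN_BAD:
        return Finding(sec, f"{name} was identified as malicious in this thread", line)
    if RANDOM_NAME.search(path):
        return Finding(sec, "randomly named binary (letters+digits) in an autostart", line)
    if sec in ("O4", "O23") and path and extension(path) not in EXPECTED_EXT:
        return Finding(sec, f"unexpected extension {extension(path)!r} for an autostart", line)
    return None


def triage(log_text: str) -> list:
    return [f for f in map(check_line, log_text.splitlines()) if f]


# Constructed sample: lines copied from the two logs in this thread,
# with two benign entries (iTunesHelper, Google Updater) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [advap32] C:\WINDOWS\system32\wpv8266.cpx/r
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O15 - Trusted Zone: http://*.adultlife.cn
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter hijack: text/html - {f5835466-522a-4160-8ff4-e65dd52c7b93} - C:\WINDOWS\system32\msiebbar.dll
O20 - Winlogon Notify: sbrige - sbrige.dll (file missing)
O23 - Service: DHCP Client Dhcpscan (Dhcpscan) - Unknown owner - C:\WINDOWS\system32\wpv9460.cpx.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run it against a saved log with `triage(open("hijackthis.log", encoding="cp1252").read())`; the encoding matters because, as the garbled O8 labels above show, HijackThis writes the system code page rather than UTF-8.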