Up To Date Logs From ComboFix And HijackThis. Analyse Please!

As requested by Niels...Thanks for help!


First is ComboFix log:


ComboFix 08-04-29.5 - Ben 2008-04-30 20:57:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.254 [GMT 1:00]
Running from: C:\Users\Ben\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\x64

.
(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-30  )))))))))))))))))))))))))))))))
.

2008-04-29 20:56 . 2008-04-29 20:56    <DIR>    d--------    C:\Users\All Users\Avg8
2008-04-29 20:56 . 2008-04-29 20:56    <DIR>    d--------    C:\ProgramData\Avg8
2008-04-29 18:02 . 2008-04-29 18:02    <DIR>    d--------    C:\Users\Ben\AppData\Roaming\BitDefender
2008-04-29 18:00 . 2008-04-29 19:42    <DIR>    d--------    C:\Users\All Users\BitDefender
2008-04-29 18:00 . 2008-04-29 19:42    <DIR>    d--------    C:\ProgramData\BitDefender
2008-04-29 18:00 . 2008-04-29 18:00    <DIR>    d--------    C:\Program Files\BitDefender
2008-04-29 17:58 . 2008-04-29 18:00    <DIR>    d--------    C:\Program Files\Common Files\BitDefender
2008-04-29 14:43 . 2008-04-29 14:43    <DIR>    d--------    C:\Users\All Users\SUPERAntiSpyware.com
2008-04-29 14:43 . 2008-04-29 14:43    <DIR>    d--------    C:\ProgramData\SUPERAntiSpyware.com
2008-04-29 14:41 . 2008-04-29 17:31    <DIR>    d--------    C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2008-04-29 14:41 . 2008-04-29 17:31    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-04-29 12:59 . 2008-03-03 15:06    279,440    --a------    C:\Windows\System32\drivers\~GLH0014.TMP
2008-04-28 12:05 . 2008-04-28 12:05    <DIR>    d--------    C:\Windows\System32\nn-NO
2008-04-28 12:05 . 2008-02-29 22:25    393,216    --a------    C:\Windows\System32\athihvs.dll
2008-04-28 12:05 . 2008-02-29 22:26    376,832    --a------    C:\Windows\System32\S64CPA.exe
2008-04-28 12:05 . 2008-02-29 22:26    53,248    --a------    C:\Windows\System32\athihvui.dll
2008-04-28 12:04 . 2008-04-28 12:04    <DIR>    d--------    C:\Program Files\Cisco
2008-04-28 12:03 . 2008-04-28 12:03    <DIR>    d--------    C:\Users\Ben\AppData\Roaming\InstallShield
2008-04-28 11:44 . 2008-04-28 11:44    <DIR>    d--------    C:\Program Files\Intel
2008-04-28 11:08 . 2008-04-28 11:08    <DIR>    d--------    C:\Program Files\Microsoft Silverlight
2008-04-27 13:50 . 2008-04-28 10:37    <DIR>    d--------    C:\Program Files\Yahoo!
2008-04-27 13:14 . 2008-04-27 13:14    <DIR>    d--------    C:\PerfLogs
2008-04-27 12:51 . 2008-04-27 12:11    152,576    --a------    C:\Windows\System32\SPWizUI.dll
2008-04-27 12:51 . 2008-04-27 12:11    47,560    --a------    C:\Windows\System32\SPReview.exe
2008-04-27 12:23 . 2008-01-18 23:33    599,552    --a------    C:\Windows\System32\vsp1cln.exe
2008-04-27 12:23 . 2008-01-18 23:33    193,024    --a------    C:\Windows\System32\recdisc.exe
2008-04-27 12:23 . 2008-01-18 23:36    142,336    --a------    C:\Windows\System32\spp.dll
2008-04-27 12:23 . 2008-01-18 23:36    28,160    --a------    C:\Windows\System32\sxproxy.dll
2008-04-27 12:23 . 2008-01-18 23:36    6,656    --a------    C:\Windows\System32\sdspres.dll
2008-04-27 12:20 . 2008-01-18 23:34    6,103,040    --a------    C:\Windows\System32\chtbrkr.dll
2008-04-27 12:15 . 2008-01-18 23:33    44,032    --a------    C:\Windows\System32\cbsra.exe
2008-04-27 12:11 . 2008-04-27 12:11    <DIR>    d--------    C:\8d99c6eace76428ab67d6e97c665
2008-04-27 12:11 . 2008-04-27 12:54    49,152    --a------    C:\Windows\SPInstall.etl
2008-04-27 03:10 . 2008-04-27 03:10    2,032,128    --a------    C:\Windows\System32\win32k.sys
2008-04-27 03:10 . 2008-04-27 03:10    295,936    --a------    C:\Windows\System32\gdi32.dll
2008-04-27 03:04 . 2008-04-27 03:04    1,383,424    --a------    C:\Windows\System32\mshtml.tlb
2008-04-27 03:04 . 2008-04-27 03:04    826,880    --a------    C:\Windows\System32\wininet.dll
2008-04-26 18:11 . 2008-04-26 18:11    <DIR>    d--------    C:\Users\All Users\PC Tools
2008-04-26 18:11 . 2008-04-26 18:11    <DIR>    d--------    C:\ProgramData\PC Tools
2008-04-26 17:57 . 2008-04-28 10:33    <DIR>    d-a------    C:\Users\All Users\TEMP
2008-04-26 17:57 . 2008-04-28 10:33    <DIR>    d-a------    C:\ProgramData\TEMP
2008-04-26 17:26 . 2008-04-26 17:26    988,216    --a------    C:\Windows\System32\winload.exe
2008-04-26 17:26 . 2008-04-26 17:26    927,288    --a------    C:\Windows\System32\winresume.exe
2008-04-26 17:26 . 2008-04-26 17:26    615,992    --a------    C:\Windows\System32\ci.dll
2008-04-26 17:26 . 2008-04-26 17:26    378,368    --a------    C:\Windows\System32\srcore.dll
2008-04-26 17:26 . 2008-04-26 17:26    318,464    --a------    C:\Windows\System32\rstrui.exe
2008-04-26 17:26 . 2008-04-26 17:26    46,592    --a------    C:\Windows\System32\setbcdlocale.dll
2008-04-26 17:26 . 2008-04-26 17:26    40,960    --a------    C:\Windows\System32\srclient.dll
2008-04-26 17:26 . 2008-04-26 17:26    19,000    --a------    C:\Windows\System32\kd1394.dll
2008-04-26 17:26 . 2008-04-26 17:26    14,848    --a------    C:\Windows\System32\srdelayed.exe
2008-04-26 17:26 . 2008-04-26 17:26    6,656    --a------    C:\Windows\System32\kbd106n.dll
2008-04-26 16:18 . 2008-04-26 16:18    <DIR>    d--------    C:\Users\All Users\MailFrontier
2008-04-26 16:18 . 2008-04-26 16:18    <DIR>    d--------    C:\ProgramData\MailFrontier
2008-04-26 14:12 . 2008-04-26 14:12    <DIR>    d--------    C:\Program Files\AVG
2008-04-25 22:29 . 2008-04-25 22:29    <DIR>    d--------    C:\Program Files\Trend Micro
2008-04-25 21:28 . 2008-04-25 22:18    <DIR>    d--------    C:\Users\All Users\Spybot - Search & Destroy
2008-04-25 21:28 . 2008-04-25 22:18    <DIR>    d--------    C:\ProgramData\Spybot - Search & Destroy
2008-04-25 21:28 . 2008-04-25 21:28    <DIR>    d--------    C:\Program Files\Spybot - Search & Destroy
2008-04-25 20:52 . 2008-04-29 17:17    2,994    --a------    C:\rollback.ini
2008-04-25 20:21 . 2008-04-25 20:21    <DIR>    d--------    C:\Users\All Users\CheckPoint
2008-04-25 20:21 . 2008-04-25 20:21    <DIR>    d--------    C:\ProgramData\CheckPoint
2008-04-25 20:21 . 2008-03-03 15:06    279,440    --a------    C:\Windows\System32\drivers\~GLH0013.TMP
2008-04-25 19:46 . 2008-04-29 17:27    <DIR>    d--------    C:\Windows\Internet Logs
2008-04-25 17:39 . 2008-04-26 17:02    <DIR>    d--------    C:\Users\Ben\AppData\Roaming\CheckPoint
2008-04-25 17:37 . 2008-04-26 17:30    <DIR>    d--------    C:\Program Files\CheckPoint
2008-04-25 17:37 . 2008-04-25 17:37    144    --a------    C:\Windows\System32\lkfl.dat
2008-04-25 17:37 . 2008-04-26 17:01    96    --a------    C:\Windows\System32\pdfl.dat
2008-04-25 17:37 . 2008-04-25 17:37    96    --a------    C:\Windows\System32\ibfl.dat
2008-04-25 16:35 . 2008-04-29 16:51    <DIR>    d--------    C:\Users\All Users\SecTaskMan
2008-04-25 16:35 . 2008-04-29 16:51    <DIR>    d--------    C:\ProgramData\SecTaskMan
2008-04-21 21:01 . 2008-04-21 21:01    <DIR>    d--------    C:\Program Files\iTunes
2008-04-21 21:01 . 2008-04-21 21:01    <DIR>    d--------    C:\Program Files\iPod
2008-04-21 20:52 . 2008-04-21 20:52    <DIR>    d--------    C:\Program Files\Apple Software Update
2008-03-13 17:21 . 2008-03-13 17:21    <DIR>    d--------    C:\Users\Ben\AppData\Roaming\Apple Computer
2008-03-13 17:16 . 2008-03-13 17:16    <DIR>    d--------    C:\Program Files\Bonjour
2008-03-13 17:15 . 2008-04-21 21:01    <DIR>    d--------    C:\Users\All Users\Apple Computer
2008-03-13 17:15 . 2008-04-21 21:01    <DIR>    d--------    C:\ProgramData\Apple Computer
2008-03-13 17:12 . 2008-03-13 17:12    <DIR>    d--------    C:\Users\All Users\Apple
2008-03-13 17:12 . 2008-03-13 17:12    <DIR>    d--------    C:\ProgramData\Apple
2008-03-13 17:12 . 2008-03-13 17:12    <DIR>    d--------    C:\Program Files\Common Files\Apple
2008-03-13 17:04 . 2008-03-15 11:12    <DIR>    d--------    C:\Users\Ben\AppData\Roaming\LimeWire
2008-03-05 23:50 . 2008-03-05 23:50    <DIR>    d--------    C:\Program Files\K-Lite Codec Pack
2008-03-05 23:50 . 2008-01-10 14:15    755,027    --a------    C:\Windows\System32\xvidcore.dll
2008-03-05 23:50 . 2007-09-04 18:56    164,352    --a------    C:\Windows\System32\unrar.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 16:31    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 15:36    ---------    d-----w    C:\Program Files\Common Files\Real
2008-04-29 15:29    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-04-29 15:29    ---------    d-----w    C:\Program Files\Knight Online
2008-04-29 15:07    ---------    d-----w    C:\Program Files\DivX
2008-04-29 14:40    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-04-29 12:51    ---------    d-----w    C:\Program Files\World of Warcraft
2008-04-28 12:58    ---------    d-----w    C:\Program Files\Google
2008-04-28 11:05    ---------    d-----w    C:\Program Files\Atheros
2008-04-28 11:03    ---------    d-----w    C:\ProgramData\Atheros
2008-04-28 10:06    ---------    d-----w    C:\ProgramData\Microsoft Help
2008-04-27 12:30    174    --sha-w    C:\Program Files\desktop.ini
2008-04-27 12:20    ---------    d-----w    C:\Program Files\Windows Sidebar
2008-04-27 12:20    ---------    d-----w    C:\Program Files\Windows Mail
2008-04-27 12:20    ---------    d-----w    C:\Program Files\Windows Calendar
2008-04-27 12:19    ---------    d-----w    C:\Program Files\Windows Photo Gallery
2008-04-27 12:19    ---------    d-----w    C:\Program Files\Windows Journal
2008-04-27 12:19    ---------    d-----w    C:\Program Files\Windows Defender
2008-04-27 12:19    ---------    d-----w    C:\Program Files\Windows Collaboration
2008-04-27 12:00    82,432    ----a-w    C:\Windows\System32\axaltocm.dll
2008-04-27 12:00    101,888    ----a-w    C:\Windows\System32\ifxcardm.dll
2008-04-26 13:13    ---------    d-----w    C:\ProgramData\Grisoft
2008-04-01 20:05    ---------    d-----w    C:\Program Files\Java
2008-02-11 19:13    920,088    ----a-w    C:\Windows\System32\igxpun.exe
2008-02-11 19:13    539,160    ----a-w    C:\Windows\System32\igfxcfg.exe
2008-02-11 19:13    256,536    ----a-w    C:\Windows\System32\igfxsrvc.exe
2008-02-11 19:13    170,520    ----a-w    C:\Windows\System32\igfxzoom.exe
2008-02-11 19:13    170,520    ----a-w    C:\Windows\System32\igfxext.exe
2008-02-11 19:13    166,424    ----a-w    C:\Windows\System32\hkcmd.exe
2008-02-11 19:13    141,848    ----a-w    C:\Windows\System32\igfxtray.exe
2008-02-11 19:13    133,656    ----a-w    C:\Windows\System32\igfxpers.exe
2008-02-11 18:55    147,456    ----a-w    C:\Windows\System32\igfxCoIn_v1437.dll
2008-02-11 18:36    3,301,376    ----a-w    C:\Windows\System32\igdumd32.dll
2008-02-11 18:01    2,420,736    ----a-w    C:\Windows\System32\ig4icd32.dll
2008-02-11 18:01    2,174,976    ----a-w    C:\Windows\System32\ig4dev32.dll
2008-02-11 17:48    245,760    ----a-w    C:\Windows\System32\igfxTMM.dll
2008-02-11 17:47    69,632    ----a-w    C:\Windows\System32\oemdspif.dll
2008-02-11 17:47    48,640    ----a-w    C:\Windows\System32\igfxsrvc.dll
2008-02-11 17:47    24,576    ----a-w    C:\Windows\System32\igfxexps.dll
2008-02-11 17:47    204,800    ----a-w    C:\Windows\System32\igfxpph.dll
2008-02-11 17:46    3,293,184    ----a-w    C:\Windows\System32\igfxress.dll
2008-02-11 17:46    204,800    ----a-w    C:\Windows\System32\igfxdev.dll
2008-02-11 17:46    135,168    ----a-w    C:\Windows\System32\igfxdo.dll
2008-02-11 17:46    106,496    ----a-w    C:\Windows\System32\hccutils.dll
2008-01-29 11:02    107,368    ----a-w    C:\Windows\System32\GEARAspi.dll
2008-01-18 22:43    376,376    ----a-w    C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-18 22:43    3,600,440    ----a-w    C:\Windows\System32\ntkrnlpa.exe
2008-01-18 22:43    3,548,728    ----a-w    C:\Windows\System32\ntoskrnl.exe
2008-01-18 22:43    247,352    ----a-w    C:\Windows\System32\clfs.sys
2008-01-18 22:42    94,776    ----a-w    C:\Windows\System32\MigAutoPlay.exe
2008-01-18 22:42    51,768    ----a-w    C:\Windows\System32\PSHED.DLL
2008-01-18 22:42    177,208    ----a-w    C:\Windows\System32\halmacpi.dll
2008-01-18 22:42    141,880    ----a-w    C:\Windows\System32\halacpi.dll
2008-01-18 22:41    24,120    ----a-w    C:\Windows\System32\BOOTVID.DLL
2008-01-18 22:41    21,560    ----a-w    C:\Windows\System32\kdusb.dll
2008-01-18 22:41    19,512    ----a-w    C:\Windows\System32\kdcom.dll
2008-01-18 22:38    46,080    ----a-w    C:\Windows\System32\NAPCRYPT.DLL
2008-01-18 22:38    4,595,712    ----a-w    C:\Windows\System32\AuthFWSnapin.dll
2008-01-18 22:38    242,744    ----a-w    C:\Windows\System32\rsaenh.dll
2008-01-18 22:38    155,704    ----a-w    C:\Windows\System32\dssenh.dll
2008-01-18 22:38    131,640    ----a-w    C:\Windows\System32\basecsp.dll
2008-01-18 22:38    103,936    ----a-w    C:\Windows\System32\NAPHLPR.DLL
2008-01-18 22:38    1,203,792    ----a-w    C:\Windows\System32\ntdll.dll
2008-01-18 22:36    99,840    ----a-w    C:\Windows\System32\ulib.dll
2008-01-18 22:35    98,304    ----a-w    C:\Windows\System32\mssitlb.dll
2008-01-18 22:34    98,816    ----a-w    C:\Windows\System32\mfps.dll
2008-01-18 22:33    98,304    ----a-w    C:\Windows\System32\makecab.exe
2008-01-18 22:32    258,048    ----a-w    C:\Windows\System32\winspool.drv
2008-01-18 22:32    21,504    ----a-w    C:\Windows\System32\msacm32.drv
2008-01-18 22:32    166,912    ----a-w    C:\Windows\System32\wdmaud.drv
2008-01-18 22:32    1,370,624    ----a-w    C:\Windows\System32\Aurora.scr
2008-01-18 22:31    7,680    ----a-w    C:\Windows\System32\spwizres.dll
2008-01-18 22:31    57,856    ----a-w    C:\Windows\System32\nlsbres.dll
2008-01-18 22:31    118,272    ----a-w    C:\Windows\System32\RDPENCDD.dll
2008-01-18 22:30    17,920    ----a-w    C:\Windows\System32\netevent.dll
2008-01-18 22:29    705,536    ----a-w    C:\Windows\System32\imagesp1.dll
2008-01-18 22:29    58,880    ----a-w    C:\Windows\System32\msobjs.dll
2008-01-18 22:28    7,168    ----a-w    C:\Windows\System32\f3ahvoas.dll
2008-01-18 22:26    36,864    ----a-w    C:\Windows\System32\cdd.dll
2008-01-18 21:06    8,147,456    ----a-w    C:\Windows\System32\wmploc.DLL
2008-01-18 21:01    14,336    ----a-w    C:\Windows\System32\tsddd.dll
2008-01-18 21:01    134,656    ----a-w    C:\Windows\System32\rdpdd.dll
2008-01-18 20:52    56,320    ----a-w    C:\Windows\System32\vga256.dll
2008-01-18 20:52    21,504    ----a-w    C:\Windows\System32\vga64k.dll
2008-01-18 20:52    11,776    ----a-w    C:\Windows\System32\framebuf.dll
2008-01-18 20:52    10,752    ----a-w    C:\Windows\System32\vga.dll
2008-01-18 20:50    14,848    ----a-w    C:\Windows\System32\iscsilog.dll
2008-01-18 20:49    2,048    ----a-w    C:\Windows\System32\dmdskres2.dll
2008-01-18 20:48    20,992    ----a-w    C:\Windows\System32\msdtcVSp1res.dll
2008-01-18 20:48    1,291,264    ----a-w    C:\Windows\System32\comres.dll
2008-01-18 20:46    4,240,384    ----a-w    C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-18 20:39    13,312    ----a-w    C:\Windows\System32\WsmRes.dll
2008-01-18 20:39    1,536    ----a-w    C:\Windows\System32\WsmCl.dll
2008-01-18 20:36    289,792    ----a-w    C:\Windows\System32\atmfd.dll
2008-01-18 20:33    56,320    ----a-w    C:\Windows\System32\graftabl.com
2008-01-18 20:31    8,322,048    ----a-w    C:\Windows\System32\spwizimg.dll
2008-01-18 20:27    2,560    ----a-w    C:\Windows\System32\bootstr.dll
2008-01-18 20:26    605,696    ----a-w    C:\Windows\System32\adtschema.dll
2008-01-18 18:17    100,043    ----a-w    C:\Windows\System32\StructuredQuerySchema.bin
2008-01-05 02:36    195,122    ----a-w    C:\Windows\System32\winrm.vbs
2007-11-27 20:38    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-27 20:38    32,768    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-27 20:38    16,384    --sha-w    C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-27 07:32 898344]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 07:00 204800]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 14:46 4349952 C:\Windows\RtHDVCpl.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-16 17:45 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2007-01-17 14:46 534648 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
--a------ 2007-02-13 09:30 405504 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
--a------ 2007-01-19 14:25 1507328 C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 20:13 166424 C:\Windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2006-12-07 17:49 55416 C:\Program Files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
--a------ 2006-11-01 09:06 413696 C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 20:13 141848 C:\Windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
--a------ 2006-11-06 18:14 34352 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-01-13 09:40 7766016 C:\Windows\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-01-13 09:40 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-01-13 09:40 90191 C:\Windows\system32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 20:13 133656 C:\Windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-01-18 14:46 4349952 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-18 23:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2007-01-29 12:43 509496 C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2006-11-01 12:08 438272 C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
--a------ 2007-03-02 15:10 577536 C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
--a------ 2007-02-19 15:00 571024 C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2006-12-20 00:16 411768 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F4765197-4384-4690-B0F9-213AC66F6061}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{E49A8DE6-FFEE-4104-9E7A-09E93EEC6931}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{AD157943-61F6-4B3C-A5EE-165581ECC4ED}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{65CFC11B-AFA5-49DB-BBD4-2D43E3F1671B}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{623BFAA1-A01B-4FC3-ADB4-06F0BD3C5BF2}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"{02B9D2F8-5F1A-46D3-B6B3-5BCB8179A424}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F8704BA-98B3-4464-8337-69B75D0A1B0D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{690540A0-57F7-4C47-9921-8EB220533E36}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{785A0941-63A8-4A62-BDAF-16CB93D1FCC0}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{C0C80BD7-E1D1-41CF-8228-619A71C5AFE1}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{E4B60A18-9B98-4C9E-8AC6-F66AD9105F8A}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{CF08DDD8-7CB3-4998-80B9-2D19C323ABE9}C:\\program files\\secondlife\\slvoice.exe"= UDP:C:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{8EBDC851-BE8B-434B-B349-343DDBECC9A3}C:\\program files\\secondlife\\slvoice.exe"= TCP:C:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{08C75394-3AD2-40B2-8E09-08B47B57C2B3}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{ED9B3248-C746-4108-BEE5-55A1BEB76B96}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{1516D25D-6E57-4285-B1A4-E2F57ACB7BDD}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{DEB87E61-74F1-495A-BCCF-9724F2650105}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{85415B4E-CF70-458B-A26C-FA088E9A66D9}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{A97BB8AE-0579-4CF3-81EA-A4DF4B482F3C}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{8C356F39-03F0-4758-A6DC-B846C4A4C94F}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C80623B0-1F1D-4DD7-BDA1-317D51E47E00}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{3C3F0C9D-D65E-4385-80CC-90F4E639BC51}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{3ACAE70E-DC1B-4587-8CA0-829C5C6B40E6}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{D023D828-5EF0-4E54-96B7-EAACB047A68B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0A2B40C5-E483-4E86-905E-40A3D70A2245}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{4C1F8C11-F896-4F5F-B438-2657BCEE9D7D}"= UDP:C:\Program Files\Fury\Binaries\Fury.exe:Fury
"{295206D7-0841-4E79-A91D-56D438AF416F}"= TCP:C:\Program Files\Fury\Binaries\Fury.exe:Fury
"{4A6D3F0D-A7F3-4106-8E5F-BCAD14549B2B}"= UDP:C:\Program Files\Fury\Binaries\DiamondWare\dwTVC.exe:Fury VOIP
"{A1510B87-BBCA-4DB6-88A3-21E96BBF576D}"= TCP:C:\Program Files\Fury\Binaries\DiamondWare\dwTVC.exe:Fury VOIP
"TCP Query User{FE5C06B6-1F33-46C7-AF35-D4CC5750979B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{341EDC49-F246-4319-9B04-5B4BAC450BE7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{83618F91-81FC-44BE-98BE-2BA557E0FE1C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DA9FB9AD-F298-4E4D-9914-3A620755CF13}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C29D6627-763A-42D8-98D5-48F2BB058A06}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6264C36D-326E-4C6B-BEFB-E5CFE0CF8EFD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{3F7A3961-64BB-4C8A-9C21-A22476349828}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{FAC1B7C0-5D88-42BB-9E7D-C6A8977B6864}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{BCC0B06B-88D6-4067-883C-F55689D45E35}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{597642E1-2C1D-4C1B-89A7-4875ECC778E8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 17:25]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-07-14 04:30]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
R3 UVCFTR;UVCFTR;C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-01-26 17:13]
S3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50]
S3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 17:32]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S4 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 15:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx    REG_MULTI_SZ       scan

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 20:00:00 C:\Windows\Tasks\User_Feed_Synchronization-{6F75DA61-FD57-45D9-B06A-4377993E89F5}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 21:01:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


folder error: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-30 21:03:19
ComboFix-quarantined-files.txt  2008-04-30 20:02:46

Pre-Run: 50,794,844,160 bytes free
Post-Run: 50,663,309,312 bytes free

369    --- E O F ---    2008-04-28 10:10:19

Comments

  • Romey

    And now HijackThis Log...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:24:44, on 30/04/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C9C50B8-1AB9-4594-82E4-23E0D8B3155A}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CF1473FE-D54E-4AB1-B0BD-6CF1A561295E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2C9C50B8-1AB9-4594-82E4-23E0D8B3155A}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 5909 bytes

  • Niels

    Hello Romey,


    Can you please archive the following files:


    S64CPA.exe


    athihvs.dll


    Both are located in the System32 Windows subfolder.


    And nn-NO


    How to do that is described here. But upload your archive in this forum section, so BitDefender will be able to detect it.


    Best regards


    Niels

  • Romey

    I went into the System32 folder, found these folders, went to archive them and for all three my access was denied :S


    Please could you tell me what to do? And why are these files dangerous?


    Thanks again, Romey.

  • Niels

    Hello Romey,


    Reboot your PC into safe mode by rebooting and pressing the F8 button several times before the Windows splash screen. Select Safe Mode and press Enter. Log in with your account and try to archive it again.


    I am no virus researcher or analyst, but the files I wanted you to archive aren't default Windows files.


    Best regards


    Niels