Hijack Log

Hey, I'm getting the same problem as this person.


http://forum.bitdefender.com/index.php?showtopic=5285


I can't get rid of that virus! So here is my log


C:\WINDOWS\system32\RUNDLL32.EXE


C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


C:\WINDOWS\system32\nvsvc32.exe


C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


C:\WINDOWS\system32\wscntfy.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\DllHost.exe


C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe


C:\Program Files\Xfire\xfire.exe


C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe


C:\Program Files\VIAudioi\SBADeck\ADeck.exe


C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe


C:\Program Files\Windows Live\Messenger\msnmsgr.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


O2 - BHO: {3fd8f4e6-077e-71bb-a694-3b54dede0e24} - {42e0eded-45b3-496a-bb17-e7706e4f8df3} - (no file)


O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - (no file)


O2 - BHO: (no name) - {6FDEEC9A-D235-4A5E-A335-AAD10AC1BA7B} - (no file)


O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll


O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE


O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"


O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


O4 - HKLM\..\Run: [Cyber] C:\Program Files\BELKIN\cyberChk.exe


O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"


O4 - HKLM\..\Run: [e8a306b5] rundll32.exe "C:\WINDOWS\system32\ihmmldqj.dll",b


O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"


O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"


O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe


O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background


O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h


O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab


O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214519247421


O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100


O20 - Winlogon Notify: nnnlkHYO - nnnlkHYO.dll (file missing)


O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--


End of file - 4491 bytes

Comments

  • rootkit
    rootkit ✭✭✭

    Please post the complete log ;)

  • Sorry.. Lol


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 8:15:11 AM, on 1/1/2066


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\Explorer.EXE


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\system32\RUNDLL32.EXE


    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


    C:\WINDOWS\system32\nvsvc32.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    C:\WINDOWS\system32\wscntfy.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\system32\DllHost.exe


    C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe


    C:\Program Files\Xfire\xfire.exe


    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe


    C:\Program Files\VIAudioi\SBADeck\ADeck.exe


    C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe


    C:\Program Files\Windows Live\Messenger\msnmsgr.exe


    C:\Program Files\Internet Explorer\iexplore.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    O2 - BHO: {3fd8f4e6-077e-71bb-a694-3b54dede0e24} - {42e0eded-45b3-496a-bb17-e7706e4f8df3} - (no file)


    O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - (no file)


    O2 - BHO: (no name) - {6FDEEC9A-D235-4A5E-A335-AAD10AC1BA7B} - (no file)


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll


    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE


    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"


    O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1


    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


    O4 - HKLM\..\Run: [Cyber] C:\Program Files\BELKIN\cyberChk.exe


    O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"


    O4 - HKLM\..\Run: [e8a306b5] rundll32.exe "C:\WINDOWS\system32\ihmmldqj.dll",b


    O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"


    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"


    O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe


    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background


    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h


    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab


    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1214519247421


    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100


    O20 - Winlogon Notify: nnnlkHYO - nnnlkHYO.dll (file missing)


    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe


    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    --


    End of file - 4491 bytes

  • Antonio456
    edited July 2008

    Ok, I am having some computer problems. NONE of these problems are slowing down my computer; they are just annoying. First thing: every time I restart/turn on my computer, this blue background screen pops up and all it says is "Please Wait...." for 5 seconds, then it goes away and Windows starts up. Upon logging into my user.


    I get this error at startup!


    Can't upload it anywhere else because IE won't let me...


    ... I can't seem to upload it anywhere...


    So this is what it says:


    RUNDLL


    Error loading C:\WINDOWS\system32\ihmmldqj.dll


    The specified module could not be found..


    Finally uploaded it


    http://www.megaupload.com/?d=R0ZEDRUR


    Uploaded it on this post as an attachment as well.. :)


    And before, I was getting this pop-up that said:


    PMC Laser Lens


    Its time to clean you laser lens


    I hit OK... Nothing happens... Lol? I haven't installed any PMC Laser Lens software...


    Also, whenever I used Firefox or Internet Explorer I could visit some sites. I could go to youtube.com, but when I tried to search something there, I hit enter and it never loads. Same with if I go to google.com and try to search something: I hit enter and it loads but seems to never stop loading. Now I tried to reinstall Firefox, and now I can't uninstall it nor use it. If I go to Add and Remove Programs and click on it and click on Remove, nothing happens... so now I can't use Firefox...


    Also, I did a scan with BitDefender and it said I had like 8 viruses...


    Trojan.Vundo.EUO


    Trojan.Vundo.EWZ


    Trojan.Vundo.EWS


    and I had like 2 of each, if not more... Well, at first it wouldn't delete some of them, then I did a second scan and it deleted all. Now I am doing another scan and I have 2 infected files, but the scan is still going. Anyways, I can't reformat this computer because I do not have a reformatting disc and I can't lose all of my data, so if anyone can help me as much as they can I would really appreciate it so much and I'll give them a cookie... Lol...


    Thx a lot..


    Antonio


    I also posted a Hijack log in the Analyze section on these forums...


    Thx again


    Antonio

    [attachment: post-14878-1215983696_thumb.jpg]

  • Hello Antonio456,


    I've merged the topic that you created in the general section with this topic.


    For the issue "error loading ...", please do this: press the Windows button together with R, now type msconfig, press enter and click on the Startup tab. Now search for an entry called ihmmldqj.dll (or e8a306b5) and uncheck the box. If asked to reboot, deny it. After that, press again the Windows button together with R, now type regedit, press enter and expand (by pressing on the +-sign) the following key, HKEY_LOCAL_MACHINE, and the following folders and subfolders: Software, Microsoft, Windows, CurrentVersion, Run. Now take a look at the right side of the screen, look for an entry called ihmmldqj.dll, select it and press on Delete. It could also have the name e8a306b5.


    Can you please download ComboFix; you will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post, so I or someone else can see if there are still some infections.


    Kind regards,


    Niels
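The triage the helpers are doing by eye in this thread (spotting "(no file)" / "(file missing)" orphans in the HijackThis log, and locating the Run value that loads ihmmldqj.dll so it can be removed through msconfig and regedit, as the reply above describes) can be scripted. The following Python is an added example, not code from this thread, from HijackThis or from ComboFix: it parses HijackThis-style lines, reports orphaned entries, expands the abbreviated hive of an O4 line into the full registry key and value name to look at in regedit, and applies two heuristics of my own (a bare 8-digit hex value name, and rundll32 loading a DLL with a random-looking 8-letter name). The sample lines are constructed from the log posted above.

```python
import re

# Constructed sample, modelled on a few lines of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e8a306b5] rundll32.exe "C:\WINDOWS\system32\ihmmldqj.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O20 - Winlogon Notify: nnnlkHYO - nnnlkHYO.dll (file missing)
"""

# HijackThis abbreviates the hive as HKLM\..\Run; these are the full paths opened in regedit.
HIVES = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion",
}

# O4 line layout: "O4 - <hive>\..\<Run|RunOnce|...>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")            # heuristic: value names like e8a306b5
DLL_RE = re.compile(r'"?([^"\s,]+\.dll)"?', re.IGNORECASE)  # first DLL path on a command line


def parse_o4(line):
    """Return {key, name, command} for an O4 autostart line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, subkey = m.group(1), m.group(2)
    return {"key": HIVES[hive] + "\\" + subkey, "name": m.group("name"), "command": m.group("cmd")}


def triage(log_text):
    """Walk HijackThis-style lines and return the entries an analyst should look at by hand."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        lower = line.lower()
        # Entries whose target no longer exists: leftovers of a removed or quarantined component.
        if "(no file)" in lower or "(file missing)" in lower:
            findings.append({"line": line, "reason": "orphaned entry: referenced file is gone", "registry": None})
            continue
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = []
        if HEX_NAME_RE.match(entry["name"]):
            reasons.append("value name is a bare 8-digit hex string (heuristic)")
        if entry["command"].lower().startswith("rundll32"):
            m = DLL_RE.search(entry["command"])
            base = m.group(1).rsplit("\\", 1)[-1].lower() if m else ""
            if re.fullmatch(r"[a-z]{8}\.dll", base):
                reasons.append("rundll32 loads a DLL with a random-looking 8-letter name (heuristic)")
        if reasons:
            findings.append({"line": line, "reason": "; ".join(reasons),
                             "registry": entry["key"] + " -> " + entry["name"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["reason"])
        print("    " + f["line"])
        if f["registry"]:
            print("    look under: " + f["registry"])
```

For the e8a306b5 line the script prints the exact key and value name the reply above walks the poster to in regedit. It only reads text and reports; it never touches the registry, so it can be run on a log copied from another machine, and every flagged entry is still something to confirm by hand before deleting (the same entry is named in the msconfig Startup tab and in the Run key).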

    Error message gone. Although it wasn't where you told me... so I searched it on regedit, found it, and deleted it


    Thx for that!


    Now here is the log


    ComboFix 08-07-14.2 - Antonio 2008-07-14 16:09:18.1 - NTFSx86


    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.594 [GMT -4:00]


    Running from: C:\Documents and Settings\Antonio\Desktop\ComboFix.exe


    Command switches used :: C:\Documents and Settings\Antonio\Desktop\WinXP_EN_PRO_BF.EXE


    * Created a new restore point


    * Resident AV is active


    .


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    .


    C:\WINDOWS\cookies.ini


    C:\WINDOWS\pskt.ini


    C:\WINDOWS\system32\jqdlmmhi.ini


    C:\WINDOWS\system32\lVFPonpo.ini


    C:\WINDOWS\system32\lVFPonpo.ini2


    C:\WINDOWS\system32\mcrh.tmp


    C:\WINDOWS\system32\msbasavp.ini


    .


    ((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))


    .


    2066-01-01 09:15 . 2066-01-01 09:15 <DIR> d-------- C:\Program Files\Trend Micro


    2008-07-12 20:03 . 2008-07-12 20:03 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\BitDefender


    2008-07-12 20:00 . 2065-12-31 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender


    2008-07-12 17:22 . 2008-07-12 17:37 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)


    2008-07-12 16:37 . 2008-07-12 17:37 <DIR> d-------- C:\Program Files\Silkroad


    2008-07-10 21:01 . 2008-07-12 19:29 110,419 --a------ C:\WINDOWS\BMeb903529.xml


    2008-07-08 21:01 . 2008-07-08 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\POP3Profiles


    2008-07-08 20:11 . 2008-07-08 20:11 <DIR> d-------- C:\Program Files\Common Files\DirectX


    2008-07-08 19:47 . 2008-07-08 19:47 <DIR> d-------- C:\Program Files\Aspyr Media, Inc


    2008-07-08 12:46 . 2008-07-08 12:46 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys


    2008-07-07 21:49 . 2008-07-07 21:49 <DIR> d-------- C:\Program Files\Xfire Plus


    2008-07-07 21:49 . 2008-07-07 21:49 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\Xfire Plus


    2008-07-07 20:47 . 2008-07-07 20:47 <DIR> d-------- C:\Program Files\BELKIN


    2008-07-07 20:46 . 2008-07-07 20:46 <DIR> d-------- C:\Documents and Settings\Antonio\WINDOWS


    2008-07-07 20:46 . 1997-03-24 17:42 314,368 --a------ C:\WINDOWS\IsUninst.exe


    2008-07-07 18:17 . 2008-07-07 18:23 <DIR> d-------- C:\WINDOWS\NV28081316.TMP


    2008-07-07 18:17 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb


    2008-07-07 17:57 . 2008-07-14 16:13 127,254 --a------ C:\WINDOWS\system32\nvapps.xml


    2008-07-07 17:56 . 2008-07-07 18:23 <DIR> d-------- C:\WINDOWS\nview


    2008-07-07 17:56 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe


    2008-07-07 17:56 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu


    2008-07-07 17:53 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE


    2008-07-07 17:43 . 2008-07-07 17:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


    2008-07-07 17:05 . 2008-07-07 17:10 <DIR> d-------- C:\WINDOWS\NV6803620.TMP


    2008-07-07 16:36 . 2008-07-07 22:36 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll


    2008-07-07 16:04 . 2008-07-07 16:04 <DIR> d-------- C:\Program Files\Sierra


    2008-07-06 23:07 . 2008-07-06 23:07 <DIR> d-------- C:\WINDOWS\system32\AGEIA


    2008-07-06 23:07 . 2008-07-06 23:07 <DIR> d-------- C:\Program Files\AGEIA Technologies


    2008-07-06 23:05 . 2008-07-06 23:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard


    2008-07-06 22:35 . 2008-07-08 20:42 <DIR> d-------- C:\Program Files\UBISOFT


    2008-07-06 22:05 . 2008-07-06 22:05 <DIR> d-------- C:\Extras


    2008-07-06 22:05 . 2008-07-06 22:05 <DIR> d-------- C:\Autorun


    2008-07-06 20:48 . 2008-07-12 19:26 <DIR> d-------- C:\Documents and Settings\Administrator


    2008-07-06 17:33 . 2008-07-08 14:25 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\Hamachi


    2008-07-06 17:29 . 2008-07-08 12:46 <DIR> d-------- C:\Program Files\Hamachi


    2008-07-05 21:34 . 2008-07-05 21:34 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\FSW2


    2008-07-04 20:15 . 2008-07-06 19:08 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\Ventrilo


    2008-07-04 20:12 . 2008-07-06 19:08 <DIR> d-------- C:\Program Files\Ventrilo


    2008-07-03 14:03 . 2008-07-08 01:09 <DIR> d-------- C:\Program Files\Project64 1.6


    2008-07-03 11:49 . 2008-07-08 20:11 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll


    2008-07-03 00:06 . 2008-07-03 11:51 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\Command & Conquer 3 Tiberium Wars


    2008-07-03 00:02 . 2008-07-03 00:02 <DIR> dr-h----- C:\Documents and Settings\Antonio\Application Data\SecuROM


    2008-07-02 23:20 . 2008-07-02 23:20 <DIR> d-------- C:\Program Files\Electronic Arts


    2008-07-02 22:36 . 2008-07-07 18:17 <DIR> d-------- C:\WINDOWS\nvidia icons


    2008-07-02 22:36 . 2008-07-02 22:38 <DIR> d-------- C:\WINDOWS\NV38803884.TMP


    2008-07-02 22:35 . 2008-07-02 22:35 <DIR> d-------- C:\NVIDIA


    2008-07-02 22:27 . 2008-07-14 16:15 81,984 --a------ C:\WINDOWS\system32\bdod.bin


    2008-07-02 22:16 . 2008-07-02 22:16 <DIR> d-------- C:\Program Files\DVD X Studios


    2008-07-02 22:16 . 2008-07-02 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD X Studios


    2008-07-02 21:41 . 2008-07-02 21:41 <DIR> d-------- C:\Documents and Settings\Antonio\temp


    2008-07-02 21:41 . 2008-07-04 18:10 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\TeamViewer


    2008-07-02 14:29 . 2008-07-02 14:30 <DIR> d-------- C:\Program Files\TibEd 2


    2008-07-02 00:02 . 2008-07-07 21:06 <DIR> d-------- C:\Program Files\THQ


    2008-07-02 00:00 . 2008-07-02 00:00 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\InstallShield


    2008-07-01 23:22 . 2008-07-14 16:12 121 --a------ C:\WINDOWS\bdagent.INI


    2008-07-01 23:07 . 2008-07-01 23:07 <DIR> d-------- C:\Program Files\Common Files\BitDefender


    2008-07-01 23:07 . 2008-07-12 20:01 <DIR> d-------- C:\Program Files\BitDefender


    2008-07-01 20:26 . 2008-07-01 20:26 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\vlc


    2008-07-01 20:24 . 2008-07-02 22:08 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\dvdcss


    2008-07-01 20:23 . 2008-07-01 20:23 <DIR> d-------- C:\Program Files\VideoLAN


    2008-07-01 18:55 . 2008-07-01 18:55 <DIR> d-------- C:\Program Files\Atari


    2008-07-01 18:11 . 2008-07-01 18:11 185 --a------ C:\WINDOWS\system32\FOLESVR.DLL


    2008-07-01 18:11 . 2008-07-01 18:16 0 --a------ C:\WINDOWS\PlayList.Fpl


    2008-07-01 18:09 . 2008-07-02 22:07 389,120 --a------ C:\WINDOWS\system32\ACTSKN43.OCX


    2008-07-01 18:00 . 2008-07-01 18:00 <DIR> d-------- C:\Program Files\Fantasysoft-Studio


    2008-07-01 17:31 . 2008-07-01 17:31 14 --a------ C:\WINDOWS\system32\SystemInfo32.sys


    2008-07-01 16:35 . 2008-07-01 17:55 8 --a------ C:\WINDOWS\system32\nvModes.dat


    2008-07-01 16:21 . 2004-08-04 02:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys


    2008-06-29 14:54 . 2008-06-29 14:54 <DIR> d-------- C:\Program Files\SystemRequirementsLab


    2008-06-28 23:39 . 2008-06-28 23:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files


    2008-06-28 20:00 . 2008-06-28 20:00 <DIR> d-------- C:\Program Files\Ares


    2008-06-28 18:23 . 2008-06-28 18:23 <DIR> d-------- C:\Program Files\uTorrent


    2008-06-28 18:23 . 2008-07-12 17:37 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\uTorrent


    2008-06-28 16:28 . 2008-06-28 16:30 <DIR> d-------- C:\Documents and Settings\test\Application Data\Xfire


    2008-06-28 16:28 . 2008-07-12 19:26 <DIR> d-------- C:\Documents and Settings\test


    2008-06-28 14:31 . 2008-06-28 14:31 <DIR> d-------- C:\Program Files\EA Games


    2008-06-28 12:04 . 2008-06-28 12:06 <DIR> d-------- C:\Program Files\SHOUTcast


    2008-06-27 19:20 . 2008-06-27 19:20 <DIR> d-------- C:\Program Files\VIAudioi


    2008-06-27 17:52 . 2008-06-27 17:52 <DIR> d-------- C:\Program Files\MSXML 4.0


    2008-06-27 17:18 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys


    2008-06-27 17:18 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe


    2008-06-27 17:18 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll


    2008-06-27 16:57 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys


    2008-06-27 16:51 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll


    2008-06-27 16:11 . 2008-07-09 15:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$


    2008-06-27 13:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll


    2008-06-27 13:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll


    2008-06-27 13:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui


    2008-06-27 06:11 . 2008-06-27 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!


    2008-06-26 21:44 . 2008-06-26 21:44 <DIR> d-------- C:\Program Files\Messenger Plus! Live


    2008-06-26 21:39 . 2008-06-26 21:39 <DIR> d-------- C:\Documents and Settings\Antonio\Contacts


    2008-06-26 21:38 . 2008-07-06 23:07 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE


    2008-06-26 21:29 . 2008-06-26 21:38 <DIR> d-------- C:\Program Files\Windows Live


    2008-06-26 21:29 . 2008-06-26 21:38 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller


    2008-06-26 21:29 . 2008-06-26 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller


    2008-06-26 21:23 . 2008-06-26 21:23 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire


    2008-06-26 21:22 . 2008-06-26 21:22 <DIR> d---s---- C:\WINDOWS\system32\Microsoft


    2008-06-26 20:51 . 2008-06-26 20:51 <DIR> d-------- C:\WINDOWS\provisioning


    2008-06-26 20:51 . 2008-06-26 20:51 <DIR> d-------- C:\WINDOWS\peernet


    2008-06-26 20:50 . 2008-06-26 20:50 <DIR> d-------- C:\WINDOWS\ServicePackFiles


    2008-06-26 20:50 . 2008-06-26 20:50 <DIR> d-------- C:\Program Files\TheWeatherNetwork


    2008-06-26 20:33 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe


    2008-06-26 20:21 . 2008-06-26 20:21 <DIR> d-------- C:\WINDOWS\EHome


    2008-06-26 20:20 . 2008-06-26 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3


    2008-06-26 20:14 . 2004-08-04 03:56 239,104 --a------ C:\WINDOWS\system32\srrstr.dll


    2008-06-26 20:13 . 2008-06-26 20:16 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$


    2008-06-26 20:13 . 2003-08-02 00:14 25,600 --a------ C:\WINDOWS\system32\xpsp1hfm.exe


    2008-06-26 20:05 . 2004-08-04 00:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe


    2008-06-26 20:05 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig


    2008-06-26 20:05 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat


    2008-06-26 19:43 . 2008-06-26 19:43 <DIR> d-------- C:\Program Files\DFX


    2008-06-26 19:43 . 2008-06-26 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DFX


    2008-06-26 19:40 . 2008-07-01 18:54 316,640 --a------ C:\WINDOWS\WMSysPr9.prx


    2008-06-26 19:38 . 2008-06-28 12:04 <DIR> d-------- C:\Program Files\Winamp


    2008-06-26 19:38 . 2008-06-28 19:24 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\Winamp


    2008-06-26 19:07 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll


    2008-06-26 19:07 . 2004-08-04 03:56 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll


    2008-06-26 19:07 . 2004-08-04 03:56 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll


    2008-06-26 19:07 . 2004-08-04 03:56 33,280 --a------ C:\WINDOWS\system32\psisrndr.ax


    2008-06-26 19:07 . 2004-08-04 03:56 30,720 --a------ C:\WINDOWS\system32\vbisurf.ax


    2008-06-26 19:07 . 2004-08-04 02:10 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys


    2008-06-26 19:07 . 2004-08-04 02:10 15,360 --a------ C:\WINDOWS\system32\drivers\streamip.sys


    2008-06-26 19:07 . 2004-08-04 02:10 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys


    2008-06-26 19:07 . 2004-08-04 02:10 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys


    2008-06-26 19:02 . 2008-06-26 19:02 <DIR> d-------- C:\Program Files\PowerISO


    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    2008-07-13 00:37 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys


    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll


    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys


    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys


    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys


    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys


    2008-06-12 06:28 56,108 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys


    2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll


    2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll


    .


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    .


    *Note* empty entries & legit default entries are not shown


    REGEDIT4


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 14:54 4501912]


    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]


    "ares"="C:\Program Files\Ares\Ares.exe" [2007-05-03 20:32 961024]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-06-16 04:52 167936]


    "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-07-26 02:19 540672]


    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]


    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]


    "Cyber"="C:\Program Files\BELKIN\cyberChk.exe" [1999-05-21 02:59 192000]


    "Xfire Music"="C:\Program Files\Xfire\xfiremusic.exe" [2006-11-20 22:12 253650]


    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]


    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-12 20:36 368640]


    "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]


    C:\Documents and Settings\Antonio\Start Menu\Programs\Startup\


    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-26 16:10:40 3031376]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]


    "VIDC.XFR1"= xfcodec.dll


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]


    "EnableFirewall"= 0 (0x0)


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]


    "%windir%\\system32\\sessmgr.exe"=


    "C:\\Program Files\\Xfire\\xfire.exe"=


    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=


    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=


    "C:\\Program Files\\uTorrent\\uTorrent.exe"=


    "C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4X.exe"=


    "C:\\Program Files\\Sierra\\SWAT 4\\ContentExpansion\\System\\Swat4XDedicatedServer.exe"=


    "C:\\Program Files\\Ares\\Ares.exe"=


    R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 23:38]


    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-12 20:37]


    S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]


    bdx REG_MULTI_SZ scan


    .


    - - - - ORPHANS REMOVED - - - -


    BHO-{42e0eded-45b3-496a-bb17-e7706e4f8df3} - (no file)


    BHO-{6FDEEC9A-D235-4A5E-A335-AAD10AC1BA7B} - (no file)


    HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe


    Notify-nnnlkHYO - nnnlkHYO.dll


    MSConfigStartUp-e8a306b5 - C:\WINDOWS\system32\ihmmldqj.dll


    **************************************************************************


    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2008-07-14 16:14:00


    Windows 5.1.2600 Service Pack 2 NTFS


    scanning hidden processes ...


    scanning hidden autostart entries ...


    scanning hidden files ...


    scan completed successfully


    hidden files: 0


    **************************************************************************


    .


    ------------------------ Other Running Processes ------------------------


    .


    C:\WINDOWS\system32\nvsvc32.exe


    C:\WINDOWS\system32\wdfmgr.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    C:\WINDOWS\system32\rundll32.exe


    C:\Program Files\Windows Live\Messenger\usnsvc.exe


    C:\Program Files\Internet Explorer\iexplore.exe


    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe


    .


    **************************************************************************


    .


    Completion time: 2008-07-14 16:18:05 - machine was rebooted


    ComboFix-quarantined-files.txt 2008-07-14 20:17:59


    Pre-Run: 31,384,145,920 bytes free


    Post-Run: 32,850,362,368 bytes free


    WinXP_EN_PRO_BF.EXE


    [boot loader]


    timeout=2


    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS


    [operating systems]


    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn


    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


    239 --- E O F --- 2008-07-10 23:18:05

  • Hello Antonio456,


    Sorry for the delay. But I am very busy at the moment.


    Can you please archive the following 2 files, which are called NV28081316.TMP, NV6803620.TMP and NV38803884.TMP; you will find them in the Windows folder. Password-protect the archive. For how to do that, see this topic and take a look at the second post. Make a new topic in this forum section. You must be sure that the archive doesn't exceed 2 MB. To upload it, once you are in the screen for creating a new topic, scroll down until you see the attachments section, press on Browse, navigate to the location of your archive, press on Open and then on Upload.


    Please download SDFix. Save it on your desktop. Be sure that you are logged on with an administrator account. Double-click on it; don't change the installation directory. Reboot your PC into safe mode by pressing the F8 button before the Windows splash screen, select Safe Mode and press enter. Navigate to Start, My Computer, SDFix and double-click on RunThis.bat


    Press Y and press enter. Please post the SDFix report.


    Kind regards,


    Niels

  • rootkit
    rootkit ✭✭✭

    Topic split.


    Posts moved to Samples section.