InterviewSolution
| 1. |
Solve : spyware or malware help?? |
|
Answer» O22 - SharedTaskScheduler: causes - {0fe36c74-667b-454b-828e-75e4e72cbef8} - (no file)

That's from the HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Scan done and the report.

Malwarebytes' Anti-Malware 1.34
Database version: 1812
Windows 5.1.2600 Service Pack 3, v.5657

2/27/2009 10:01:21 PM
mbam-log-2009-02-27 (22-01-21).txt

Scan type: Quick Scan
Objects scanned: 75461
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

Thank you evilfantasy for all your help. Thank you so much.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix.

the link you gave me to disable my anti-virus is not working. i have bitdefender total security 2009. the steps they gave to temporarily disable them is not working. i don't see virus shield on my program. help

Try running ComboFix anyway. Just allow it to run if BitDefender tries to stop it.

is this a anti-virus program Bitdefender Total Security 2009

there you go.
How is the computer running now?

my firefox is still slow loading up when i click on it. i don't feel anything different still the same. don't know what you mean. i do another hijack this and post the log up again. dude thanks for all your help. i will recommend you to others.

i found a way to disable the antivirus and firewall. once you the icon on right top corner it will say switch to advanced view. another window pop up and left side of screen you will see a list and anti-virus and firewall is on the list. once you click on them you will see disable and you're done. you can reword and put in link you gave for people who has latest bitdefender.

Have HijackThis fix this entry:

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

Close all browsers before clicking Fix checked.

--

Do you mean when you first start Firefox? If so then that's how it is. Mine takes a while to open when it first starts also. |
|