paojus Posted April 15, 2008

Hi, need help... this is the log file of my computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:50 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Adobe Bridge CS3\Bridge.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,mma.bat
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
127.0.0.1 update.bitdefender.com
127.0.0.1 update.bitdefender.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EFC0C75-178E-4284-9ED2-340F2D004DE5}: NameServer = 85.255.115.29,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\..\{9039F383-59B3-4F59-80F0-AD27A3D81E8E}: NameServer = 85.255.115.29,85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.29 85.255.112.61
O17 - HKLM\System\CS1\Services\Tcpip\..\{5EFC0C75-178E-4284-9ED2-340F2D004DE5}: NameServer = 85.255.115.29,85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.29 85.255.112.61
O17 - HKLM\System\CS2\Services\Tcpip\..\{5EFC0C75-178E-4284-9ED2-340F2D004DE5}: NameServer = 85.255.115.29,85.255.112.61
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.29 85.255.112.61
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 6025 bytes

jewelisheaven Posted April 15, 2008

It certainly looks like it's BitDefender. To be sure, get Process Explorer... use the Find feature (Ctrl-F) on the file you're currently accessing which gets the problem. The pop-up will show you all processes accessing it. From there hopefully it will say which feature needs to be turned off or made an exception for your Downloads folder so at least they're not accessed until the files are complete.

paojus Posted April 15, 2008

@jewelisheaven: I have the Process Explorer but I don't know what file to find... sorry, I still don't know what to do... please help me.

jewelisheaven Posted April 15, 2008

So nothing came up in the Find results except for utorrent.exe? I'd start by stopping or disabling

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

via the GUI it comes with OR start->run->services.msc

Firon Posted April 15, 2008

Disable Nero Scout.

jewelisheaven Posted April 15, 2008

There is no Nero installed according to the HJT.

paojus Posted April 16, 2008

@jewelisheaven: Tried to disable the file you suggested... still the problem persists... there was no option that can be stopped... what would you suggest, sir?

jewelisheaven Posted April 16, 2008

Turn off or uninstall all BitDefender processes :/ If nothing pops up in Process Explorer I don't know what else to try except get to a point where it does NOT happen and then slowly turn things back on little by little to make it reoccur and then look through the documentation of that process/feature to see "how do I make uTorrent.exe work".

This topic is now archived and is closed to further replies.