
1 Rookie • 38 Posts

October 15th, 2006 07:00

Trojan Infestation (and Mouse/Internet/BitDefender) Problems (*Posted New Log Bamajim*)

This is a cross-post from the Windows XP forums because someone there suggested I post here.  This started out as a trojan problem that became a reboot problem that developed into a mouse/internet/BitDefender/Trojan problem.  For the full history, read on.  If you don't want to read my long history or to just get to where I'm at now, skip down to **PART TWO**. 
 
PART ONE
 
The Story So Far...
 
My problem is happening on my old Dimension 8200, not my new XPS 410, FYI.  I am writing this on my new XPS.  The Dimension 8200 is a P4 1.8 with 640 megs of RAM and Windows XP Home Edition.  Any details I post on my Dimension will have to be off the top of my head unless I can get it from MSDOS prompt, cuz I can't even boot it in safe mode now.  I'll tell the story from the beginning (or if you don't feel like reading you can just skip to the chase by scrolling down to THE CHASE below)

A few days ago, I tried out a new Anti-spyware program (SpySweeper) in order to prep my old PC to give to someone else (I was just wrapping it up) and to transfer a bunch of stuff to my new PC.  Spysweeper detected a Trojan (ldpinch) on my computer that my usual AV (Avast) didn't.  Amazingly, immediately after just-downloaded SpySweeper (yes I downloaded spysweeper direct from the company's web site) picked up ldpinch, Avast, which earlier the same day picked up nothing, suddenly picked up a virus as well, but a different one (possibly the virus was dropped by the Trojan or the other way around).  Keep in mind that I usually run a very tight ship on my PC - I don't visit fishy web sites, I never run strange executables (and if I do I always scan them with an updated Avast, something I'm going to have to rethink), don't fall for e-mail scams, never open strange attachments, etc.  Unfortunately, I do shut off my firewall most of the time because it interferes with too much normal functioning and I don't know how to configure it properly so that it doesn't. 

I subsequently went ballistic, downloading every free virus program available to be sure my system was clean (and because the free version of Spysweeper can't clean).  I got AVG, NOD32, PCTools and Spyware Doctor (free version also can't clean) to start.  I ran Avast until it said all was clear.  Then AVG picked up a quite a few Trojans/viruses and cleaned them all.  Apparently an infinite potion stacking and a relics-in-epics mod I downloaded for Titan Quest a few weeks ago were Trojans (no choice, I absolutely could not play without them lol).  I don't know if those were my only Trojan sources though - seems like I have/had too great a variety of Trojans for those to be the only ones, and they were the same one. 

I found a second csrss.exe in my task manager after a boot and my firewall said it was trying to access some site in Spain.  I promptly deleted the fake csrss.exe from my Windows directory, not touching the real one in /system32.  I also manually deleted some other fishy files I found in my task manager and researching them on google to make sure they were not legit (I could easily spot them because I keep my task manager very clean).  I also checked to make sure said files did not reappear after subsequent reboots. 

Even after manually deleting some Trojan related files and the Avast and AVG sweeps, Spydoctor and Spysweeper kept picking up trojans (ldpinch and Win32:Hackspy).  Since they found them in the registry only, I decided to just remove them from the registry manually, which I did.  Checking many times through subsequent reboots, none of the registry entries reappeared, and Spydoctor and Spysweeper gave me clean scans (free of Trojans/viruses, anyway, didn't bother with cookies).  NOD32 was useless, never picked up anything at all, ever.  I then uninstalled Spysweeper (not Spydoctor yet). 

Then, just to be safe, I decided to download a cocktail of everything else that had reasonably good reviews (except Moosoft Cleaner since my trial expired a long time ago for that):  Sunbelt Counterspy, Kaspersky AV, Avira AntiVir, BitDefender, Panda (didn't install because conflicted with AVG), Stopzilla 4.3, and maybe one or two more that I forget.  Stopzilla picked up a couple of new Trojans in registry only.  It said it wouldn't clean them in the free trial, but automatically quarantined them and when I uninstalled Stopzilla so I could manually remove them from the registry, they were gone, even after several reboots.  Sunbelt Counterspy picked up Backdoor.Genlot.DX in an actual file in Local Settings.  Aside from that all the other ones gave me clean scans except BitDefender, which I installed last. 

After I installed BitDefender, updated it, and rebooted, my endless reboot nightmare began.  The reboot occurred right after the Windows XP splash screen disappears.  The Windows splash screen appeared for the expected amount of time, then when the welcome screen should appear, the screen goes black, my CD drives spin up, and the system reboots - each and every single time - in an endless loop.

Figuring that BitDefender must be the cause of the problem (well, BitDefender and all the other virus programs I had loaded), I thought I could just boot in Safe Mode, uninstall BitDefender, and be done with it.  Unfortunately, BitDefender can't be uninstalled in Safe Mode.  Since I couldn't access the Internet at the time (I didn't set up my XPS 410 for net access yet at the time), I couldn't find instructions on how to manually remove BitDefender, so I did some creative tinkering of my own. 

First, I decided to uninstall every single one of the recently downloaded anti-virus/anti-spyware programs that I could in safe mode.  I did not try uninstalling my old favorite, Avast.  A few remained when I was done (they also couldn't be uninstalled in safe mode) - if I remember right, they were Sunbelt Counterspy and Kaspersky AV.  Did this solve it?  Nope.  The reboot problem still kept happening. 

Next, I decided to edit my startup programs with msconfig.  Usually, I disable every TSR I can get away with disabling (including Avast's) in msconfig as soon as I install a program.  I didn't bother disabling the TSR components of all my recent antivirii/antispyware when I installed those because I figured I was uninstalling most of them soon anyway, after I made sure my system was clean.  I did aggressively choose to disable/not install the TSR components of all my new antivirii/antispyware when installing/running them, but the things just up and install the TSR's anyway. 

So for my next step, I decided to disable all of these.  It didn't work, but worse, I found something terrible - msblaster.exe was listed under startup!  I recalled that this was a worm because I had it once before.  The thing about it was that it was UNCHECKED when I found it.  What kind of virus adds itself to startup unchecked?  Anyway, I did a system file search for msblaster.exe and checked the usual locations (windows directory, system directories, root) and couldn't find it.  Maybe it was left over from the last time I had msblaster (years ago I think)?  I don't think so because I use msconfig all the time and I'd remember seeing something like that every time. 

Next I finally got my XPS 410 internet up and running.  I did some research on msblaster and found out that it caused endless reboots.  However, unlike my reboots, msblaster reboots actually load up windows and then say "the system will be shutting down in 30 seconds" or something like that.  I wasn't getting anything like that.  Still, it's a possibility. 

To be sure I didn't have msblaster, I ran all the antiviruses I had left - Avast, Kaspersky, and Sunbelt Counterspy.  These all had the latest definition updates (10/12/06) so that wasn't a problem.  They all came up dry.  Keep in mind that all of my antivirus cocktail gave me clean full scans before this reboot started (except BitDefender which I never got to use, obviously).  I also double checked to see if there were any of the msblaster affiliated processes in task manager - I didn't of course, or I would have spotted them earlier since I was checking the process list every minute at this point. 

Next, I deleted the BitDefender directory manually.  I had to do this in MS DOS in a clean boot, because some file in it was loaded even in safe mode.  Didn't work. 

Next, I tried doing a startup with all services/startup programs unchecked.  Nope.  Then I tried a diagnostic startup.  Nope.  Then I tried F8 menu options.  First I tried disable reboot on system fail.  That did stop the reboots, but after the splash screen I just get a black screen and it just stays like that forever.  Manual reboot, turned it off.  I tried everything else on the F8 list.  I couldn't use System Restore because I turned it off - I don't like it because I usually like to fix problems myself, and because my old computer was slow as with tiny hard drives (40GB and 80GB) and I needed all the performance and disk space I could get. 

Next, I googled the reboot loop problem.  It seems a common solution is to boot from the Windows XP CD (yeah same one that came with my Dimension from Dell) and do a non-console repair installation.  I did just that.  This is what really did my Dimension in.  While the setup was half done, it rebooted as part of the process.  After the reboot, it displays (in DOS blue screen text) something like - "Setup restarting....................." and reboots.  This is right after the Windows splash screen exactly like before.  What's worse, when I try to run Safe Mode now, it says "setup cannot run in safe mode, rebooting" or something like that.  So, I lost Safe Mode as well.  I'm not going to try a fresh Windows XP reinstallation unless somebody recommends it. 

Why am I asking for help in resolving this instead of just reformatting?  First, I still have all my on my old PC.  Yeah I know, back up often.  I was sorta in the middle of backing up all my stuff when all this went down.  Second, I had a lot of settings/tweaks and stuff I wanted to write down to transfer to my XPS like what options I had on/off for my various apps because I don't want to spend months figuring them all out again.  Finally, I have to give my Dimension to someone else in fully working order, and I don't want to start from scratch. 

-------------------

**PART TWO**

I managed to resolve the reboot problem by manually deleting all the BitDefender files I could using a boot disk and MS-DOS prompt.  After I got my Windows back, I managed, with some difficulty, to remove Kaspersky AV and Sunbelt Counterspy. 

Now I have some new problems.  I can successfully boot my old Dimension now, but the mouse won't work, no matter what I try.  I also can't connect to the internet on it, and it takes forever to start Windows.  I am 90% certain that the problem is the borked BitDefender installation.  I believe this is the case because after I managed to finally boot my computer, the reinstallation of Windows continued, and at first the mouse worked, but then an error message saying something about not finding some Bit Defender .osx file or something like that (from memory, I should have written it down but didn't).  After that popup, the mouse stopped working.
 
The mouse is the main problem, obviously.  It makes the computer a pain to use.  Fortunately, I have pretty good keyboard skills, and can still perform most functions with it.  The mouse is not recognized in device manager, nor is it recognized by add new hardware.  It is a USB mouse.  The keyboard is PS/2, interestingly enough.  Perhaps that's why it still works and the mouse doesn't.  Makes me wish I still had a PS/2 mouse to test.  Still, I'm pretty sure BitDefender is screwing it up and since BitDefender is probably responsible for all the other problems and may cause more problems down the road, I have to take care of that anyway. 
 
BitDefender won't uninstall because I had to delete some of its critical files to get my computer to boot again.  Reinstalling BitDefender (so I can uninstall it properly) won't work either, because it detects the old installation and refuses to install.  I followed this guide to manually removing BitDefender as best I could:
 
 
However, because I had to delete critical files to boot my comp, there were a few steps I could not complete. 
1.  I didn't do the Windows Install Clean Up stage because I couldn't download it (and I may not be able to use it properly without a mouse). 
2.  I couldn't regsvr32 /u bdshelxt.dll or bdo.dll because I had already deleted those files. 
3.  I couldn't uninstall the bitdefender firewall NDIS filter driver or the Bitdefender firewall TDI filter driver because I had deleted those executables already. 
 
BitDefender may or may not be the cause of my mouse/internet problems, but it does have to be properly and fully removed anyway.  It is still possible there is a virus/Trojan at work on my comp and that it is responsible for the mouse/internet problems.  I say this because there were a few suspicious things that I observed after fixing the reboot problem.  First, of course, msblast.exe still appears unchecked under Startup in msconfig, which makes me concerned (see Part One for details on how I first observed this).  Next, when I tried to remove Kaspersky AV, I had a real hard time.  Most alarmingly, when I looked in my task manager, avp.exe (one of kaspersky's TSR's) appeared twice - once under my name, and once under SYSTEM.  This was disturbingly reminiscent of the CSRSS.exe thing I encountered earlier (see Part One for details).  I also could not terminate the process through task manager.  The Kaspersky AV uninstall program refused to let me uninstall without removing the TSR component of Kaspersky first.
 
After a reboot, and on all subsequent reboots, avp.exe only appeared once in my task manager.  I had difficulty preventing avp.exe from being loaded at boot.  Whenever I tried to modify my services/startup settings in msconfig, it would tell me that I could not change my startup settings because I was not an administrator or something like that (and I am an administrator on my computer, duh, I'm the only user, I even double checked again and it said I'm admin, and I was logged in as myself).  I finally managed to get around this by booting in safe mode and making my msconfig changes there, then starting in normal and uninstalling Kaspersky.  Fishy, to say the least. 
 
So, now I'm still very suspicious that there's some trojan/virus active on my Dimension.  Recall that I downloaded almost every free AV/AS out there and they gave my PC a clean bill of health before the reboot problem started.  Also recall that I uninstalled every one of these AV/AS programs in the end to try to fix my computer.  All I have left is Avast and the ghost of BitDefender.  I'm not sure what else to try to find and kill this possible trojan/virus, especially considering that trying every free AV/AS out there was what got me into this mess in the first place.  Anyway, I have to be absolutely sure my computer is free of viruses/trojans before I can transfer my stuff over to my new comp. 
 
In summary, these are the problems I need to fix on my old Dimension now:
1.  Remove BitDefender completely. 
2.  Get mouse working again. 
3.  Get internet working again. 
4.  Make sure the entire computer is really free of viruses/trojans so I can transfer files to my new comp safely. 
 
Any help will be appreciated. 

Message Edited by Maverick115 on 10-17-2006 05:33 PM

1 Rookie • 38 Posts

October 15th, 2006 23:00

**UPDATE**
I managed to copy over the install cleaner to my Dimension.  After I ran the install cleaner I could finally reinstall BitDefender.  I did this, rebooted, and uninstalled it.  My mouse still doesn't work.  :(  BitDefender should be gone now, but I'm not totally convinced it is.  Windows still takes abnormally long to boot. 
 
Next I tried reinstalling Windows from the CD again.  Like the first time I tried this, the mouse began working again briefly, during the setup screens.  This time, there was no BitDefender error message.  Sometime when it was installing device drivers, when the monitor was constantly turning on and off, the mouse failed.  Same as before except for the lack of a BitDefender message. 
 
Next I tried fiddling with the device drivers.  I had actually tried this before I uninstalled BitDefender.  No mouse gets recognized, though two things are recognized: a USB Human Interface Device and an HID-Compliant Device, both under Human Interface Devices in Device Manager.  Details:
 
USB Human Interface Device
Driver Version 5.1.2600.0
Provider: Microsoft
Digital Signer: Microsoft Windows XP Publisher
This Device is Working Properly
 
HID-Compliant Device
Unknown Device
Device type: Human Interface Devices
Manufacturer: Standard System Devices
Location: on USB Human Interface Device
Status:  This device is not configured correctly (Code 1)
To reinstall the drivers for this device, click Reinstall Driver
On clicking Reinstall Driver -> There was a problem installing this Hardware: HID Class
  An error occured during the installation of the device.  The driver installation file for this device is missing a necessary entry. 
  This may be because the INF was written for Windows 95 or later.  Contact your hardware vendor. 
 
No mouse appears in the device manager.  Under Mouse Properties -> Hardware, it is completely blank. 
 
Sometimes when I ran the Add Hardware wizard, or when I restarted the system, it would ask me to insert a Logitech CD (which I couldn't find).  To solve this, and because I moved my Logitech mouse over to my XPS and am using the Dell USB Mouse which came with my XPS on my Dimension, I uninstalled the Logitech drivers.  I got the same results on my Dimension with both mice, anyway.  Again, no results. 
 
And again, if nobody here can help me, please refer me to a forum that can, thank you. 

10.4K Posts

October 16th, 2006 00:00

Maverick115
 
Go Here And download HijackThis

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, Ctrl-A to Select All, and copy its contents as a reply to this thread.
 
bamajim   Graduate of Malware Removal University

10.4K Posts

October 16th, 2006 00:00

Maverick115
 
You can also transfer it by using a USB key, but be assured that what is reported by Hijackthis in a .txt file is completely safe, and not prone to infection.
 
bamajim   Graduate of Malware Removal University
 

 
 

1 Rookie • 38 Posts

October 16th, 2006 00:00

Will do, though it will be difficult getting the log info from my old PC to my new one.  My new PC has no floppy.  My old PC has no net access (one of the problems on it I have to solve).  If it is short enough I'll copy it by hand and retype.  If it's long, my only real option is to burn it on a CDRW to transfer.  Before I do that, can I receive assurances that viruses/trojans can NOT hitch a ride on text files?  I do NOT want my new PC infected with any from my old one.  Last I checked, viruses/trojans can NOT ride along on text files or on the seemingly empty space on a CD, only executables if run.  However, my knowledge may be out of date and viruses/trojans may have reached unparalleled heights of sophistication unbeknownst to me.  Just have to be sure. 

1 Rookie • 38 Posts

October 16th, 2006 01:00

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:19 PM, on 10/15/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\ACDSee32\ACDSee32.exe
f:\temp32\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021017/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe

10.4K Posts

October 16th, 2006 11:00

Maverick115
 
I don't see any signs of infection showing up in your Hijackthis log. Did you disable any start-up items in msconfig?
 
If so you need to re-enable them and post a fresh log, I need to see everything that is running on your pc.
 
bamajim   Graduate of Malware Removal University

1 Rookie • 38 Posts

October 16th, 2006 11:00

Everything that's disabled in startup in msconfig is what I usually disable.  Some of it's been disabled for years.  I will re-enable them anyway if you really like, though like I said, msblast.exe is on that list and there's no way I'm enabling that one. 

10.4K Posts

October 16th, 2006 13:00

Maverick115
 
That's fine excluding the one, but the others will give me a better picture of what is going on.
 
On the file you mentioned be sure and get the file path for me in your reply. I need to know how it's listed
 
C:\Windows
C:\System32\
C:\Program files\
 
etc.
 
bamajim   Graduate of Malware Removal University
 

1 Rookie • 38 Posts

October 17th, 2006 21:00

All right, here it is finally.  Enabled everything like you said, except of course for msblast.exe and one other thing, which was a totally blank and suspicious entry in startup.  This is what was not enabled:

Startup item - blank*  Command - blank*  Location - SOFTWARE/Microsoft/Windows/CurrentVersion/Run

*didn't actually say blank, the field was empty

Startup item - msblast  Command - msblast.exe** Location - SOFTWARE/Microsoft/Windows/CurrentVersion/Run

**no path, just msblast.exe

After this, I tried searching the registry for msblast.exe (which I thought I did before, but I think I accidentally did msblaster.exe instead).  I found one item and deleted it:

HKLM/Software/microsft/Shared Tools/Msconfig/Startupreg/windows auto update/

After this, msblast.exe disappeared from startup in msconfig. 

 

Logfile of HijackThis v1.99.1
Scan saved at 6:08:05 PM, on 10/17/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\RunDLL32.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
F:\Program Files\HP\HP Software Update\HPWUCli.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\MsiExec.exe
F:\temp32\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\DVD Region Killer\ElbyCheck.exe" /L RegKill
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hplampc] C:\windows\system32\hplampc.exe
O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
O4 - HKLM\..\Run: [HP Software Update] "F:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\SOFTWIN\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] "F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office XP\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021017/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe

10.4K Posts

October 17th, 2006 23:00

Maverick115

The file you mentioned and deleted is related to the Blaster worm

Here is a link to the removal tool

  http://www.symantec.com/security_response/writeup.jsp?docid=2003-081119-5051-99

After you run the tool

Reboot your PC->>Rerun Hijackthis->>and post a fresh Hijackthis log.

And Since you have a firewall, I need to know if you are able to log the problem PC on to the Internet.
 
bamajim   Graduate of Malware Removal University
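The manual checks made in this thread (a second csrss.exe outside system32, a Run entry that is just `msblast.exe` with no path, and entries marked "file missing") can be applied to a saved HijackThis log automatically. The following is an added example, not part of the original posts or of HijackThis; the function names, the two name sets, the assumed `C:\WINDOWS` system root and the constructed sample log are all assumptions made for illustration.

```python
import ntpath
import re

# Core processes that Windows XP starts only from %SystemRoot%\system32.
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}
# File name the helper in this thread tied to the Blaster worm.
NAMED_IN_THREAD = {"msblast.exe"}

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # R1, O4, O23, ... entry lines
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] ?(.*)$")

# Constructed sample in the HijackThis v1.99.1 layout, modeled on the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP  (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""


def first_token(cmd):
    """Return the executable part of a Run command, honoring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text, system_root=r"C:\WINDOWS"):
    """Return (kind, subject) review items found in a HijackThis log."""
    sys32 = ntpath.join(system_root, "system32").lower()
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if ENTRY_RE.match(line):
            in_procs = False  # first R/O entry ends the process list
        if in_procs:
            # A system process name running from any other directory is
            # the "second csrss.exe" pattern described in Part One.
            base = ntpath.basename(line).lower()
            if base in SYSTEM32_ONLY and ntpath.dirname(line).lower() != sys32:
                findings.append(("process-outside-system32", line))
            continue
        m = RUN_RE.match(line)
        if m:
            name, exe = m.group(3), first_token(m.group(4))
            # No directory part: Windows resolves the name through the
            # search path, so the file has to be located and identified
            # by hand. Legitimate entries (nwiz.exe) land here too.
            if "\\" not in exe:
                findings.append(("unqualified-run-command", name))
            if ntpath.basename(exe).lower() in NAMED_IN_THREAD:
                findings.append(("name-flagged-in-thread", name))
        # Leftover registry reference whose target file no longer exists.
        if line.endswith("(file missing)"):
            findings.append(("orphaned-reference", line))
    return findings


if __name__ == "__main__":
    for kind, subject in triage(SAMPLE_LOG):
        print(f"{kind:28} {subject}")
```

Every item returned is a prompt for manual review, not a verdict: the path-less `nwiz.exe` entry is flagged by the same rule that catches `msblast.exe`.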




1 Rookie • 1 Message • 2 Points

March 3rd, 2025 23:13

Jesus, I went through Reddit and everything and ended up here in a 2006 post with the same exact issue about the mouse not working (no cursor on the desktop, nor do the USB mouse lights work; PS/2, however, does only have a laser on).

I am frustrated by BitDefender.. 19 years and they still manage to have exactly the same issue. I had trojans which got deleted by MalwareBytes and re-run BitDefender. After that program, everything went wrong.

I have 1 HDD and 2 different SSDs and the issue still persists. I am going mad already. Tried everything and I don't even have any patience anymore lol
