New OS scanned same day, 9 VIRUSES!!!!

ashdavid

Member
I can't believe this. I wiped the disk and installed a new OS, Vista 32-bit, and I have the same viruses affecting the same files, only this time there are more that can't be removed. What is with this???

Anyway, Hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:02, on 2008/01/15
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logicool\Qcam10\Qcam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ONKYO\CarryOn Music 10\Bin\CarryOn.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logicool\Qcam10\Qcam.exe" /hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXUS 使用状況調査プログラム (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logicool Co., Ltd - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6755 bytes
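Added example, not code from this thread or from Trend Micro: a small script that reads a HijackThis 2.0 log the way a forum helper does, parsing the "Onn - ..." lines and flagging the entries worth a second look rather than the ones that are obviously vendor software. The embedded log is a constructed subset of the log posted above. The allow-list of domains an ActiveX control (O16 DPF) may be fetched from, and the rule that a rundll32 Run key loading a DLL from outside the Windows directory is suspicious, are assumptions of the example. A flag is a lead to verify (check the file's digital signature and hash), not a verdict: "Unknown owner" only means the binary's version resource carries no company name, which is why the Canon IJPLMSVC service is flagged alongside ASDR.

```python
"""Triage a HijackThis 2.0 log the way a forum helper reads it.

Added example, not code from the thread or from Trend Micro. It parses the
"Onn - ..." lines and flags the entries worth a second look: hosts-file
overrides, rundll32 Run keys that load a DLL from outside the Windows
directory, ActiveX controls (O16 DPF) fetched from hosts outside an
allow-list, and services reported with "Unknown owner". A flag is a lead to
verify (check the file's signature and hash), not a verdict.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
O23 - Service: PIXUS 使用状況調査プログラム (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
""".strip()

# Assumption: the analyst's allow-list of domains an ActiveX control may be
# downloaded from; anything else gets flagged for review.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "windowsupdate.com")
WINDOWS_DIR = r"c:\windows"
LOOPBACK = ("127.0.0.1", "::1")

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[^}]+)\} \((?P<desc>[^)]+)\) - (?P<url>\S+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Entry:
    section: str          # e.g. "O4", "O23"
    body: str             # everything after "Onn - "
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return the Onn entries of a HijackThis log in order; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def _trusted_domain(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def triage(text):
    """Parse the log and attach a reason to every entry that deserves review."""
    entries = parse_log(text)
    for e in entries:
        if e.section == "O1":
            m = HOSTS_RE.match(e.body)
            if m and not (m["ip"] in LOOPBACK and m["host"] == "localhost"):
                e.flags.append("hosts file redirects %s to %s" % (m["host"], m["ip"]))
        elif e.section == "O4":
            m = RUN_RE.match(e.body)
            r = RUNDLL_RE.match(m["cmd"]) if m else None
            if r:
                dll = r["dll"].strip()
                # A bare name ("oobefldr.dll") is resolved through the DLL search
                # path; an absolute path outside the Windows dir is the usual
                # shape of a Run-key loader dropped by malware.
                if "\\" in dll and not dll.lower().startswith(WINDOWS_DIR):
                    e.flags.append("rundll32 Run key [%s] loads %s" % (m["name"], dll))
        elif e.section == "O16":
            m = DPF_RE.match(e.body)
            if m:
                host = urlparse(m["url"]).hostname or ""
                if not _trusted_domain(host):
                    e.flags.append("ActiveX control %s fetched from %s" % (m["desc"], host))
        elif e.section == "O23":
            m = SERVICE_RE.match(e.body)
            if m and m["owner"] == "Unknown owner":
                e.flags.append("service %s has no vendor string; verify %s" % (m["name"], m["path"]))
    return entries


def flagged_entries(text):
    """Map each flagged entry's body to its list of reasons."""
    return {e.body: e.flags for e in triage(text) if e.flags}


if __name__ == "__main__":
    for body, reasons in flagged_entries(SAMPLE_LOG).items():
        print(body)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample it reports three leads: the two "Unknown owner" services and the Gigabyte driver-download control, which agrees with the helper's reading that the log is nearly clean. The BitDefender service, the NVIDIA rundll32 entry (a DLL under system32) and the default Vista hosts line stay quiet. Swap in the full log from the post and the same rules apply; nothing in the script deletes or changes anything on the machine.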
 
Hello!
Seems to me that your log is almost clean.
Not even a trace of 9 viruses. Only 1-2 nasty ones; not even sure they are worth SDFix.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 
Ok, I can't seem to get SDFix to work. It goes through the installation process but nothing happens. And there is no SDFix.exe to double click. :( I must be one of the most useless people on a computer. :( Appreciate any more help.
 
No way, I haven't found so many viruses, all I saw was one Trojan, and I'm not even sure for the other thing, but it doesn't seem legit.
Mr evilfantasy, what do you suggest? I give you a permission to steal this one :-):)
Otherwise, I'd suggest ComboFix...
 

Man, it is super easy to get hundreds of viruses out of the box. Here is how you do it, so you can try it at home:

1) Format HD and install windows

2) Run IE - can be any version

3) Install active X controls

4) get viruses

If you are a Windows user, this is what you must do, in my opinion, to be safe:

1) Router that supports NAT and built in firewall

2) Patch your OS till it is completely updated.

3) Don't ever use IE, WMP, or any other MS product like ActiveX

4) - virus free
 
Who asked how he got the viruses? My point was that his computer isn't that much infected.

Well, my Linux and Mac have zero viruses and zero spyware, out of the box, on the internet, wherever. My whole point was that not using crappy, non-secure products like WMP and IE reduces the risk of getting infected. Regardless of the severity of the infection, the user still got malware/viruses on their system.
 
Thanks guys, just one more stupid question. I need ActiveX to run the programs; however, while I can find plenty of info on this download, I am not going to click on a download that I know nothing about (this is how I got here in the first place, having to install a new OS).

So does anyone know a secure place to download ActiveX from?
 
ActiveX controls are added to the browser as needed by separate applications/programs. They can be uninstalled in Add/Remove Programs once the scans are done.
 
ActiveX is an API built into IE that allows web-based applications access to Windows kernel hooks for executing instruction sets. In other words, it's an easy, sloppy way to give any kind of web application access to the Windows kernel.

Don't use IE and you won't ever use ActiveX. If a website requires ActiveX, find a different one that doesn't.
 
In other words, it's an easy, sloppy way to give any kind of web application access to the Windows kernel.

Only if you allow it to.

Your help is invaluable in trying to rid the OP's computer of any malware.

Thanks!
 
I am using Firefox, so that is the problem. I will reopen in IE and try to download them. I am at work right now, which usually consumes at least 14 hours of my day :( so I will give it a go when I get home.

In the meantime I would like to research a bit, so is there a good site for learning how to identify this malware, or do I need to learn more about reading programs? Also, I have seen a Microsoft program called Process Explorer; is this worth learning how to use, because eventually I would like to know how to fix my own computer one day.
 
1) Router that supports NAT and built in firewall

2) Patch your OS till it is completely updated.

3) Don't ever use IE, WMP, or any other MS product like ActiveX

4) - virus free

Ok, bear with me here. If you or someone else would be so kind as to explain these points? I don't know what "NAT" is. What is WMP? And I gathered that IE is "Internet Explorer". Thanks.
 
If you are totally against using IE, then you can use the Trend Micro online scan:

Trend Micro HouseCall - Works with Firefox or IE

Or Panda's NanoScan (scan only) - IE or Firefox

But the Panda scan only identifies infections; it doesn't remove anything found.

The two I suggested before scan for more than just viruses and spyware, which is why I suggested them.

Don't let anybody scare you about ActiveX. It isn't dangerous unless you like to click on every banner ad you see. IE is still the shell of your OS, so you are using it even though you surf with Firefox. IE still has to be updated with the latest security patches, which protect your OS, not just Internet Explorer.

I have nothing against Linux. But I would rather not build and maintain my own OS.
 
I have no idea what to be afraid of, but I will do as you said and give it a try in IE when I get home. I thank you for all your support so far, guys. I am so computer illiterate. :( Something I am working on changing.

Evil, what are your ideas on the Microsoft program called Process Explorer?
 