About a week back, my system's McAfee VirusScan kept displaying a message every 10 seconds saying that Trojan Vundo had been detected. I downloaded and installed the BitDefender trial version and ran it. It told me that my system was affected by Virtumonde (mostly registry entries) and cleared them off. But then when my system restarted, it became very slow.

I then downloaded and installed Spybot Search & Destroy 1.5.2 and ran that. It found 3 instances of Trojan.Vundo.DZN and cleared them (or so it showed). But the system was still running slow. At least now VirusScan did not pop up with the Vundo warning. So I downloaded VundoFix and ran that. It again found 3 files, and then I selected Remove Vundo.

And then I got the biggest shock till now. My system now starts up and gets onto the logon page, and then I put in my username and password, and then all I see is a blue screen with the pointer in the middle of the screen but NOTHING ELSE!! My system starts up fine in Safe Mode, and I've run VundoFix in Safe Mode to check whether Trojan Vundo is still there or not, but it comes clean. Spybot also comes clean in Safe Mode. But I cannot start my system in a normal boot-up. Can you please help me get my desktop back at least?? I'm really, really worried now that I might have to reinstall the OS. BTW, I've downloaded and kept HijackThis and ComboFix ready on my USB memory drive for use whenever you suggest.
Please suggest what to do now.
Warm Regards,
Manish.
Edited at 7:49 P.M. 29/02/08
I ran ComboFix and HijackThis after that, and the logs are posted below. Hope this gives you a better idea of what I'm dealing with here, so that you can suggest steps to fix the problem.
ComboFix
ComboFix 08-02-25.3 - jll2 2008-02-29 19:35:39.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.330 [GMT 5.5:30]
Running from: C:\Documents and Settings\jll2\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bbrpijie.ini
C:\WINDOWS\system32\cjlpgrin.dll
C:\WINDOWS\system32\Config.ini
C:\WINDOWS\system32\hoyrsnvi.ini
C:\WINDOWS\system32\kmqhwcie.ini
C:\WINDOWS\system32\nirgpljc.ini
C:\WINDOWS\system32\pskill.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.
2008-02-28 15:39 . 2008-02-29 11:41 <DIR> d-------- C:\VundoFix Backups
2008-02-25 12:45 . 2008-02-29 11:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-25 12:45 . 2008-02-29 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 17:04 . 2008-02-29 13:13 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-23 15:43 . 2008-02-23 15:43 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\BitDefender
2008-02-23 15:35 . 2008-02-23 15:39 <DIR> d-------- C:\Program Files\BitDefender
2008-02-23 15:35 . 2008-02-23 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-23 15:30 . 2008-02-23 15:39 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-21 21:45 . 2008-02-21 21:51 <DIR> d-------- C:\Temp
2008-02-21 21:44 . 2008-02-21 21:44 <DIR> d-------- C:\Program Files\Xilisoft
2008-02-21 11:07 . 2008-02-21 11:07 <DIR> d-------- C:\WINDOWS\system32\%%DATA_DIR%%
2008-02-20 15:42 . 2008-02-20 15:42 <DIR> d-------- C:\Program Files\Unity
2008-02-19 22:40 . 2008-02-19 22:40 <DIR> d-------- C:\Program Files\SamsonSoft
2008-02-19 22:38 . 2008-02-19 22:39 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-02-19 22:33 . 2008-02-19 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zabersoft
2008-02-19 20:33 . 2008-02-19 20:33 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\Media Player Classic
2008-02-19 20:26 . 2008-02-19 20:28 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-19 19:37 . 2008-02-22 13:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-19 19:37 . 2008-02-19 19:37 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-19 19:11 . 2008-02-19 19:11 1,212 --a------ C:\WINDOWS\ST6UNST.000
2008-02-19 18:54 . 2008-02-19 18:54 <DIR> d-------- C:\Program Files\Digital Locker Assistant
2008-02-19 18:11 . 2008-02-19 18:11 <DIR> d-------- C:\Program Files\StumbleUpon
2008-02-19 18:11 . 2008-02-28 12:06 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\StumbleUpon
2008-02-19 15:03 . 2007-12-07 07:51 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-19 15:03 . 2007-07-01 09:01 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-19 15:03 . 2007-07-01 09:06 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-19 15:03 . 2007-12-07 07:51 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-19 15:03 . 2007-12-07 07:51 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-19 15:03 . 2007-12-07 07:51 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-19 15:03 . 2007-12-07 07:51 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-19 15:03 . 2007-12-07 07:51 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-19 15:03 . 2007-12-06 16:30 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-19 14:52 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-02-19 14:07 . 2008-02-19 14:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-19 13:50 . 2006-08-21 14:44 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-02-19 13:50 . 2006-08-21 14:44 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-02-19 13:50 . 2006-08-21 17:51 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-02-19 11:30 . 2007-07-09 18:39 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-02-19 11:00 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-19 11:00 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-18 12:47 . 2004-08-04 13:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-18 12:46 . 2008-02-18 12:46 <DIR> d-------- C:\WINDOWS\provisioning
2008-02-18 12:46 . 2008-02-18 12:46 <DIR> d-------- C:\WINDOWS\peernet
2008-02-18 12:42 . 2008-02-18 12:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-18 12:31 . 2008-02-18 12:31 <DIR> d-------- C:\WINDOWS\EHome
2008-02-16 15:32 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-02-16 15:32 . 2004-08-04 00:56 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe
2008-02-16 15:32 . 2004-08-02 14:20 7,208 --a------ C:\WINDOWS\system32\secupd.sig
2008-02-16 15:32 . 2004-08-02 14:20 4,569 --a------ C:\WINDOWS\system32\secupd.dat
2008-02-13 11:23 . 2005-10-21 03:50 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-02-13 10:00 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-02-13 09:35 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-13 09:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-13 09:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-13 09:35 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-09 19:31 . 2008-02-19 10:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-02-09 19:28 . 2008-02-09 19:31 <DIR> d-------- C:\Program Files\Winamp
2008-02-09 19:28 . 2008-02-09 19:34 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\Winamp
2008-02-08 19:39 . 2007-04-24 11:33 100,488 -ra------ C:\WINDOWS\system32\drivers\s125mgmt.sys
2008-02-08 19:39 . 2007-04-24 11:33 98,696 -ra------ C:\WINDOWS\system32\drivers\s125obex.sys
2008-02-08 19:38 . 2008-02-08 19:39 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\Teleca
2008-02-08 19:38 . 2007-04-24 11:33 108,680 -ra------ C:\WINDOWS\system32\drivers\s125mdm.sys
2008-02-08 19:38 . 2007-04-24 11:33 83,336 -ra------ C:\WINDOWS\system32\drivers\s125bus.sys
2008-02-08 19:38 . 2007-04-24 11:33 15,112 -ra------ C:\WINDOWS\system32\drivers\s125mdfl.sys
2008-02-08 19:38 . 2007-04-24 11:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125whnt.sys
2008-02-08 19:38 . 2007-04-24 11:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125wh.sys
2008-02-08 19:38 . 2007-04-24 11:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cmnt.sys
2008-02-08 19:38 . 2007-04-24 11:33 12,424 -ra------ C:\WINDOWS\system32\drivers\s125cm.sys
2008-02-08 19:36 . 2008-02-08 19:37 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-08 19:35 . 2008-02-08 19:35 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-02-08 19:35 . 2008-02-08 19:36 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-02-08 19:35 . 2008-02-08 19:35 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-08 19:35 . 2008-02-08 19:35 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\Sony Ericsson
2008-02-08 19:34 . 2008-02-08 19:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-02-08 19:33 . 2008-02-08 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-08 19:33 . 2008-02-08 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-07 18:24 . 2008-02-07 18:24 <DIR> d-------- C:\WINDOWS\system32\Dell
2008-02-07 11:29 . 2008-02-15 13:43 <DIR> d-------- C:\Documents and Settings\jll2\Application Data\AdobeUM
2008-02-02 11:36 . 2008-02-22 11:50 <DIR> d--hs---- C:\Documents and Settings\jll2\UserData
2008-02-02 10:40 . 2008-02-02 10:40 125 --a------ C:\WINDOWS\IEPatchUninstall.BAK
2008-02-02 10:33 . 2008-02-02 10:33 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 13:46 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-19 13:46 249,856 ------w C:\WINDOWS\Setup1.exe
2008-02-19 08:43 --------- d-----w C:\Program Files\Microsoft Works
2008-02-07 12:54 --------- d-----w C:\Program Files\Dell
2008-02-02 06:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-01-28 04:31 --------- d-----w C:\Documents and Settings\jll2\Application Data\Yahoo!
2008-01-25 10:19 --------- d-----w C:\Program Files\FriendFinder
2008-01-25 10:10 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-01-24 05:58 --------- d-----w C:\Documents and Settings\jll1\Application Data\ICAClient
2008-01-22 07:25 --------- d-----w C:\Documents and Settings\jll1\Application Data\AdobeUM
2008-01-09 11:53 --------- d-----w C:\Documents and Settings\jll1\Application Data\Yahoo!
2008-01-09 10:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-09 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-07 12:11 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-01-03 03:46 --------- d-----w C:\Program Files\NETWORK ASSOCIATES
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b72f00b-45fc-4645-9e9f-e0b8eb578d7c}]
C:\WINDOWS\system32\ibhcxxto.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85429961-D537-4B19-8FDA-F284548CC281}]
C:\WINDOWS\system32\ddayx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{5093EB4C-3E93-40AB-9266-B607BA87BDC8}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:26 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-02-13 07:55 1587512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-04-05 18:52 94208]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-04-05 18:49 77824]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 17:30 94208]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 12:12 1404928]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-25 12:10 360448]
"QuickTime Task"="C:\Program Files\Apple\QuickTime\qttask.exe" [2004-04-30 09:37 98304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 04:24 37376]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2007-03-22 19:17 98656]
"Persistence"="C:\WINDOWS\System32\igfxpers.exe" [2005-04-05 18:53 114688]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 17:09 59392]
"McAfeeUpdaterUI"="C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" [2005-08-31 16:50 139320]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2007-04-02 21:42 17248]
"IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [2007-04-19 14:00 125792]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 11:01 208952]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 14:00 25440]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2007-03-22 19:17 66400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-01-25 15:40]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 15:40]
S2 NwSapAgent;SAP Agent;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:26]
S3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 17:41]
S3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-01-16 14:12]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]
S3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d640950b-d621-11dc-a36d-00142237fd9f}]
\Shell\Auto\command - E:\tomskype.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tomskype.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 19:30:30 C:\WINDOWS\Tasks\Defrag (Desktop) .....job"
- C:\WINDOWS\system32\defrag.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 19:39:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-02-29 19:41:58 - machine was rebooted [jll2]
ComboFix-quarantined-files.txt 2008-02-29 14:11:55
.
2008-02-22 07:26:38 --- E O F ---
HijackThis v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:26 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://delphi.ap.joneslanglasalle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.128.4.69:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*.ap.jllnet.com;*.ap.joneslanglasalle.com;ipmpwt.joneslanglasalle.com;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {c7d875be-8b0e-f9e9-5464-cf54b00f27b0} - {0b72f00b-45fc-4645-9e9f-e0b8eb578d7c} - C:\WINDOWS\system32\ibhcxxto.dll (file missing)
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {85429961-D537-4B19-8FDA-F284548CC281} - C:\WINDOWS\system32\ddayx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Apple\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BGInfo.lnk = C:\WINDOWS\Bginfo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office11\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://delphi.ap.joneslanglasalle.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {2E687AA8-B276-4910-BBFB-4E412F685379} (CWebsiteViewer Object) - http://ausyd077.ap.j...bsiteViewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://delphi.ap.jon...oard/msddsc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1203315985171
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://webdesk.ap.j...en/CSGProxy.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{373E75A6-C8D0-4B5F-8231-1D100EB42C40}: Domain = ap.jllnet.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B82E01BD-02A1-4161-BE6A-289E4F4D1D94}: NameServer = 125.22.47.125,202.56.250.5
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\NETWORK ASSOCIATES\COMMON FRAMEWORK\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 8702 bytes
That's about it. Can anyone please tell me what I need to do so that my system starts working on a normal startup and I get something apart from the blue screen with the pointer in the middle once I log in? I am currently working in Safe Mode and it works fine, but that's not what I want!
Edited at 2:49 P.M. 01/03/08
PROGRESS AT LAST
After posting the above yesterday, I ran the Recovery Console and ran a repair. Once the repair was complete, I restarted the system in normal mode and was happy to note that I was able to see my normal desktop, and this morning again the system logged onto the normal desktop, but the system is still very slow. Opening IE takes an eternity, and everything else is very slow. I've downloaded the software below and have it ready on my USB memory drive in case I need to use it to fix my system completely. Please help me get my system back to normal.
dss.exe
registryboosteraff.exe
SDFix.exe
SUPERAntiSpyware.exe
OTMoveIt2.exe
SmitfraudFix.exe
ATF-Cleaner.exe
Thank you,
Warm Regards,
Manish.
Edited by ManishKR, 01 March 2008 - 03:27 AM.
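The logs above contain the kind of indicators a malware-removal helper picks out by eye: two Browser Helper Objects in the ComboFix "Reg Loading Points" and HijackThis O2 sections whose DLLs have random-looking names under system32 and are reported as "(file missing)" (the registration survived after the files were deleted), a removable-drive mountpoints2 entry whose AutoRun handler launches tomskype.exe, and the Windows Firewall standard profile switched off. The script below is an added example, not something the poster or the forum helpers used; it applies those heuristics to sample lines copied from the logs in this post. The regexes, the "random-looking stem" rule (5 to 8 lowercase letters, which is an assumption about how this family named its DLLs) and the reason strings are mine. Every hit is a candidate for manual review, not a verdict.

```python
import re

# Constructed sample input: these lines are copied from the ComboFix and
# HijackThis logs posted above. Raw strings keep the Windows backslashes.
SAMPLE_LINES = [
    r"O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll",
    r"O2 - BHO: {c7d875be-8b0e-f9e9-5464-cf54b00f27b0} - {0b72f00b-45fc-4645-9e9f-e0b8eb578d7c} - C:\WINDOWS\system32\ibhcxxto.dll (file missing)",
    r"O2 - BHO: (no name) - {85429961-D537-4B19-8FDA-F284548CC281} - C:\WINDOWS\system32\ddayx.dll (file missing)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"\Shell\Auto\command - E:\tomskype.exe",
    r"\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tomskype.exe",
    r'"EnableFirewall"= 0 (0x0)',
]

# HijackThis O2 line: name, CLSID, DLL path, optional "(file missing)" marker.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
# Assumed heuristic: Vundo-style DLL stems in this log are 5-8 lowercase letters.
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,8}$")
# ComboFix mountpoints2 sub-entries: \Shell\<verb>\command - <command line>
MOUNTPOINT_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command - (?P<cmd>.+)$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')


def check_bho(line):
    """Return reasons an O2 BHO line deserves attention ([] if none)."""
    m = BHO_RE.match(line)
    if not m:
        return []
    reasons = []
    if m.group("missing"):
        reasons.append("BHO still registered but its DLL is missing (leftover registration)")
    name = m.group("name")
    if name == "(no name)" or GUID_RE.match(name):
        reasons.append("BHO has no readable name")
    path = m.group("path")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if "\\system32\\" in path.lower() and RANDOM_STEM_RE.match(stem):
        reasons.append(f"random-looking filename '{stem}' in system32")
    return reasons


def check_autorun(line):
    """Flag any mountpoints2 shell verb that runs a command from a removable drive."""
    m = MOUNTPOINT_RE.match(line)
    if not m:
        return []
    return [f"removable-drive autorun handler ({m.group('verb')}) runs '{m.group('cmd')}'"]


def check_firewall(line):
    return ["Windows Firewall standard profile is disabled"] if FIREWALL_OFF_RE.match(line) else []


def triage(lines):
    """Run every check over each line; return the flagged lines with their reasons."""
    findings = []
    for line in lines:
        reasons = check_bho(line) + check_autorun(line) + check_firewall(line)
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

On the sample lines the two Yahoo!/Spybot BHOs pass untouched, while the two nameless, file-missing, random-stem BHOs, both tomskype.exe autorun handlers and the disabled firewall are reported. The script only reads text; removing the registry keys it points at is a separate, deliberate step.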