PG5

Hi!
my AntiVirus found 2 trojans in my laptop and one of them was in Mozilla Firefox's folder under C:/.../User/AppData/Local/Mozilla/Profiles/. Now Mozilla won't open and each time I try to run it, it pops up an error message saying it can't find nssutil.dll. But that's exactly the infected file that the AntiVirus has quarantined.

These are the 2 trojans found by the AV:
1) Trojan.Clicker.CM
2) Trojan.Generic.1607990

I'm running Windows Vista on my laptop and the AntiVirus is BitDefender 2009.

Here's the DDS.txt. Please check out the attachment for the other log files.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Gomes at 18.54.38,22 on 17/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2045.1079 [GMT 2:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Gomes\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=71&bd=Pavilion&pf=laptop
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-9-4 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 MODBDA2;DiBcom MOD3000 TV receiver;c:\windows\system32\drivers\yuanmodbda2.sys [2006-10-14 32256]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-6-15 42512]

=============== Created Last 30 ================

2009-04-15 15:39 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 15:39 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-04-15 15:39 38,912 a------- c:\windows\system32\xolehlp.dll
2009-03-20 19:57 <DIR> --d----- C:\f3cc8a087254e15f8c780a3e

==================== Find3M ====================

2009-04-17 18:09 662,846 a------- c:\windows\system32\perfh010.dat
2009-04-17 18:09 120,326 a------- c:\windows\system32\perfc010.dat
2009-04-17 16:48 13,025 a------- c:\users\gomes\appdata\roaming\nvModes.dat
2009-04-17 15:36 81,984 a------- c:\windows\system32\bdod.bin
2009-04-01 17:57 104,328 a------- c:\windows\system32\drivers\bdfndisf.sys
2009-03-24 22:00 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-24 22:00 51,200 a------- c:\windows\inf\infpub.dat
2009-03-17 05:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 05:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 05:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-03 06:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 06:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 06:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 06:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 06:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 06:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 06:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 06:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 06:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 06:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 05:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 04:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 04:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-03-01 21:19 86,016 a------- c:\windows\inf\infstor.dat
2009-02-13 10:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 10:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 2,033,152 a------- c:\windows\system32\win32k.sys
2008-06-19 17:24 665,600 a------- c:\windows\inf\drvindex.dat
2008-05-02 18:19 174 a--sh--- c:\program files\desktop.ini
2007-07-15 11:25 196 a------- c:\users\gomes\appdata\roaming\wklnhst.dat
2006-11-06 03:48 36,614 a------- c:\windows\inf\perflib\0410\perfd.dat
2006-11-06 03:48 331,172 a------- c:\windows\inf\perflib\0410\perfi.dat
2006-11-06 03:48 331,172 a------- c:\windows\inf\perflib\0410\perfh.dat
2006-11-06 03:48 36,614 a------- c:\windows\inf\perflib\0410\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18.56.32,27 ===============

Attached Files

Attach.zip (2.4 KB, 1 views)

PG5

Hi again!
Now my laptop has become slow. Every now and then Internet Explorer freezes for a while. I think the virus is spreading. Can anyone analize my case please?
Thank you.

Jintan

Hello PG5,

Not seeing any infection here. From the looks of this BitDefender forum thread BitDefender had been removing legit Firefox and other files in error. Have you updated BitDefender since the problems began? If it has the options for that you may want to return that file from it's quarantine to get Firefox back to running, and if that makes you uncomfortable to do then perhaps you might reinstall Firefox to return the needed files.

PG5

Hello Jintan,
Thank you for linking me up to BitDefender's forum - I didn't know about the same ongoing problem with other BitDefender users. I already tried reinstalling Firefox Mozilla but it still couldn't open. I guess I'll have to wait until BD provides us with some good updates that don't block Mozilla. I'll keep an eye on BD's forum. I hope they find a solution to this bug. Until then I'll keep using Internet Explorer. Thank you for your help and your time.

Jintan

I am curious that a reinstall of Firefox will not work though, since that should return the removed files or functions. You have BitDefender completely disabled while installing that and trying it out?

PG5

After reading the thread you linked me up to, I have managed to fix the problem. First I had to update BitDefender then reinstall FF. Though I have lost all my bookmarks, I am now able to use my favourite web browser. Thank you again!

Jintan

Glad to provide some ideas to help out.