I use Symantec Corporate Edition antivirus and it detected Bloodhound.Exploit.213 on my computer some time ago. Supposedly all risks were quarantined, but now Symantec keeps finding it every day. Click Here to download HJTsetup.exe: Click on 'Download Now' Save HJTsetup.exe to your desktop. Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:Program FilesHijack This. Download free dreamweaver full versionclubsoftsoftram. Continue to click Next in the setup dialogue boxes.
- Joined
- Jan 22, 2010
- Messages
- 4
Download Bloodhound Exploit 213 Pdf Free Full
I've googled this and have had no luck getting rid of the virus. Symantic AV is popping up an Auto-Protect box with a new detection every few seconds, which in turn is using 60-100% of my processing power (2.5 GB dual core).
I've tried running a full Symantic scan (took over 25 hours) with no luck. I've tried Trend Micro AV and no luck. When I go to delete all of my temp files, I don't have access to delete some of the items. Please Help!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:35 PM, on 1/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:Program FilesSymantec AntiVirusSavUI.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:WindowsRtHDVCpl.exe
C:Program FilesMotorolaSMSERIALsm56hlpr.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:Program FilesCompalWow Video&AudioWVAMain.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesCompalSmart BatterySMBTray.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesSymantec AntiVirusVPTray.exe
C:Windowsvsnp2uvc.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe
C:Windowsehomeehtray.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesAVEOAVEO UVC Filter Driver KitAveoSTI.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesProtector Suite QLpsqltray.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Windowssystem32taskeng.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FileseMusic Download Managerxulrunnerxulrunner.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O4 - HKLM.Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 - HKLM.Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM.Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM.Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM.Run: [Wow Video&Audio] C:Program FilesCompalWow Video&AudioWVAMain.exe
O4 - HKLM.Run: [SMBTray] C:Program FilesCompalSmart BatterySMBTray.exe
O4 - HKLM.Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM.Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 - HKLM.Run: [PSQLLauncher] 'C:Program FilesProtector Suite QLlauncher.exe' /startup
O4 - HKLM.Run: [ccApp] 'C:Program FilesCommon FilesSymantec SharedccApp.exe'
O4 - HKLM.Run: [Ad-Watch] C:Program FilesLavasoftAd-AwareAAWTray.exe
O4 - HKLM.Run: [UfSeAgnt.exe] 'C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe'
O4 - HKCU.Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU.Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU.Run: [ISUSPM] 'C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe' -scheduler
O4 - HKCU.Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19.Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19.Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20.Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device.. - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} (RealPage Web Objects) - http://onesite.realpage.com/coreglobal/RealpageCab/Realpage.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O20 - Winlogon Notify: SMFGina - C:Program FilesSmart FaceSMFGina.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: DualView Server Service (DualView Server) - Unknown owner - C:Program FilesDualview Serverdualviewsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:Program FilesRoxioDigital Home 9RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:Program FilesRoxioDigital Home 9RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec AntiVirusSavRoam.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecuritySfCtlCom.exe
O23 - Service: Smart Face Service (SmartFace Service) - Unknown owner - C:Program FilesSmart FaceSMFService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program FilesCommon FilesSteamSteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program FilesSymantec AntiVirusRtvscan.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:Program FilesTrend MicroBMTMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecurityTmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecurityTmProxy.exe
--
End of file - 8784 bytes
I've tried running a full Symantic scan (took over 25 hours) with no luck. I've tried Trend Micro AV and no luck. When I go to delete all of my temp files, I don't have access to delete some of the items. Please Help!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:35 PM, on 1/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:Program FilesSymantec AntiVirusSavUI.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32rundll32.exe
C:WindowsSystem32rundll32.exe
C:WindowsRtHDVCpl.exe
C:Program FilesMotorolaSMSERIALsm56hlpr.exe
C:Program FilesLavasoftAd-AwareAAWTray.exe
C:Program FilesCompalWow Video&AudioWVAMain.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesCompalSmart BatterySMBTray.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesSymantec AntiVirusVPTray.exe
C:Windowsvsnp2uvc.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe
C:Windowsehomeehtray.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesAVEOAVEO UVC Filter Driver KitAveoSTI.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesProtector Suite QLpsqltray.exe
C:Windowsehomeehmsas.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Windowssystem32taskeng.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FileseMusic Download Managerxulrunnerxulrunner.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O4 - HKLM.Run: [NvSvc] RUNDLL32.EXE C:Windowssystem32nvsvc.dll,nvsvcStart
O4 - HKLM.Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM.Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM.Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM.Run: [Wow Video&Audio] C:Program FilesCompalWow Video&AudioWVAMain.exe
O4 - HKLM.Run: [SMBTray] C:Program FilesCompalSmart BatterySMBTray.exe
O4 - HKLM.Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM.Run: [vptray] C:PROGRA~1SYMANT~1VPTray.exe
O4 - HKLM.Run: [PSQLLauncher] 'C:Program FilesProtector Suite QLlauncher.exe' /startup
O4 - HKLM.Run: [ccApp] 'C:Program FilesCommon FilesSymantec SharedccApp.exe'
O4 - HKLM.Run: [Ad-Watch] C:Program FilesLavasoftAd-AwareAAWTray.exe
O4 - HKLM.Run: [UfSeAgnt.exe] 'C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe'
O4 - HKCU.Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU.Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU.Run: [ISUSPM] 'C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe' -scheduler
O4 - HKCU.Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19.Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19.Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20.Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device.. - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4AEF8AEE-3DE8-4B69-8B6E-6353B6C59B50} (RealPage Web Objects) - http://onesite.realpage.com/coreglobal/RealpageCab/Realpage.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O20 - Winlogon Notify: SMFGina - C:Program FilesSmart FaceSMFGina.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:Program FilesSymantec AntiVirusDefWatch.exe
O23 - Service: DualView Server Service (DualView Server) - Unknown owner - C:Program FilesDualview Serverdualviewsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:Program FilesRoxioDigital Home 9RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:Program FilesRoxioDigital Home 9RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec AntiVirusSavRoam.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecuritySfCtlCom.exe
O23 - Service: Smart Face Service (SmartFace Service) - Unknown owner - C:Program FilesSmart FaceSMFService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program FilesCommon FilesSteamSteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program FilesSymantec AntiVirusRtvscan.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:Program FilesTrend MicroBMTMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecurityTmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecurityTmProxy.exe
--
End of file - 8784 bytes