XP :: Cleaning Possible Vundo/Virtumonde/Downloader ASN.HijackThis Log

Virtumonde/vundo Damage

May 10, 2007

Infected by the vundo/virtumonde virus

I have ran scans of spysweeper and max registry cleaner, and from what i understand the actual malware is gone. the problems is i have no icons/taskbar. ive tried running explorer.exe through the task manager, which gets the taskbar to flash fora couple seconds, but it disappears shortly after. ive tried running taskbar repair tool plus, but that doesnt help me much.

Here is it

Logfile of HijackThis v1.99.1
Scan saved at 4:10:39 PM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMicrosoft Windows OneCare LiveAntivirusMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:PROGRA~1COMMON~1AOLACSacsd.exe
c:program filesmcafee.comagentmcdetect.exe
c:PROGRA~1mcafee.comvsomcshield.exe
c:PROGRA~1mcafee.comagentmctskshd.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesUPHCleanuphclean.exe
C:WINDOWSwanmpsvc.exe
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:Program FilesSkyhook WirelessWi-Fi ServiceWPSScannerSvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMicrosoft Windows OneCare LiveFirewallmsfwsvc.exe
C:Program FilesMicrosoft Windows OneCare Livewinss.exe
C:Program FilesMicrosoft Windows OneCare Livewinssnotify.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:WINDOWSsystem32DllHost.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesHijackThisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.emachines.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O4 - HKLM..Run: [SunKistEM] "C:Program FileseMachines Bay Readershwiconem.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.5.0_03injusched.exe"
O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [MCUpdateExe] c:PROGRA~1mcafee.comagentMcUpdate.exe
O4 - HKLM..Run: [MSKAGENTEXE] C:PROGRA~1McAfeeSPAMKI~1MSKAgent.exe
O4 - HKLM..Run: [IPHSend] "C:Program FilesCommon FilesAOLIPHSendIPHSend.exe"
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [VSOCheckTask] "C:PROGRA~1McAfee.comVSOmcmnhdlr.exe" /checktask
O4 - HKLM..Run: [VirusScan Online] "C:Program FilesMcAfee.comVSOmcvsshld.exe"
O4 - HKLM..Run: [OASClnt] "C:Program FilesMcAfee.comVSOoasclnt.exe"
O4 - HKLM..Run: [OneCareUI] "C:Program FilesMicrosoft Windows OneCare Livewinssnotify.exe"
O4 - HKLM..Run: [RCSystemTray] "C:Program FilesMax Registry CleanerMaxRCSystemTray.exe"
O4 - HKLM..Run: [SNM] "C:Program FilesSpyNoMoreSNM.exe" /startup
O4 - HKLM..Run: [KernelFaultCheck] C:WINDOWSsystem32dumprep 0 -k
O4 - HKLM..Run: [RCAutoLiveUpdate] "C:Program FilesMax Registry CleanerMaxLiveUpdateRC.exe" -AUTO
O4 - HKLM..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeperUI.exe" /startintray
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Reader
eader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2in
pjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2in
pjpi142.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:WINDOWSSystem32shdocvw.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:WINDOWSSystem32shdocvw.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:Program FilesICQICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:Program FilesICQICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.adxgate.net (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.snipenet.net (HKLM)
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O17 - HKLMSystemCCSServicesTcpip..{FB2E15D9-1174-4951-A108-219BE5713585}: NameServer = 71.242.0.12,71.252.0.12
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSacsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:program filesmcafee.comagentmcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:PROGRA~1mcafee.comvsomcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:PROGRA~1mcafee.comagentmctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:PROGRA~1McAfeeSPAMKI~1MSKSrvr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware Doctorsvcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:Program FilesSpyware Doctorswdsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:WINDOWSwanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperSpySweeper.exe
O23 - Service: WPS Scanner Service (WPSScannerSvc) - Skyhook Wireless - C:Program FilesSkyhook WirelessWi-Fi ServiceWPSScannerSvc.exe

View 2 Replies View Related

Reviewing & Cleaning HJT Logfile Of HijackThis V1.99.1?

Mar 27, 2005

i am not be able to reviewing & cleaning HJT Logfile of HijackThis v1.99.1 how to do that?

View 7 Replies View Related

Error Loading .Got Virtumonde.dll

Apr 28, 2008

I have no idea what went wrong.Got virtumonde.dll virus and manage to get it clean but every time I start up my computer,this message pops up Error Loading C:WINDOWSsystem32fatmyeiy.dll .

View 4 Replies View Related

Virus - Trojan-Downloader.Win32

Jan 8, 2007

Following my post saying i cannot change my wallpaper i have founr out that i have "Trojan-Downloader.Win32.Agent.uj" in stalled on my PC. I am unsure how to remove this. All i know is that it collects my personal data. Can someone please let me know how to remove this from my computer Below if my HJT log

View 3 Replies View Related

Trojan Downloader Win32 Zlob

Feb 15, 2008

I have this trojandownloader:win32/Zlob and i cant delete it?

View 7 Replies View Related

Trojan Horse Downloader Generic VRU

Apr 15, 2006

Above name virus kept on re-appearing after being found and deleted by AVG Antivirus Free Edition.Path=C:Program Filess?curity, File Name= csrss.exe.Am using Windows XP Home Edition, SP2 Ver:5.1.2600 Build 2600. Internet Explorer 7 :Ver:7.0.5335.5 Beta 2.Please,can anyone advise me on how to erase,remove this virus completely and permanently from my computer.

View 10 Replies View Related

Banker Dropper And Downloader Trojan Horses

Aug 9, 2005

I have AVG free edition and it found 8 trojan horse viruses. Funny that the free program picked it up but my Zone Alarm Pro hasn't said a word.I can't cut and paste the paths bu one is C:program files/dell/R61444.exe and another isC:i386/CISVC.EXE, C:windows/$NtServicePackUninstall$cisvc.exe and several more It says they aren't healable and the source is a back up copy. Back up copy of what I do not know, I don't remember using a back up copy of anything. When I tried to put one it detected this morning in the vault it said if I did that it might cause something to become unstable.I did get another error message that said something about copies of something had been replaced with unauthenticated (I think) versions, and that something could be unstable (this was after AVG ran and said I had the viruses)and to insert the xp home edition disk. I did that and pretty much didn't know what to do after that so I took it out again.

View 7 Replies View Related

Get Rid Of The Downloader.MisleadApp Virus - Norton Antivirus

Nov 2, 2007

ive tried getting rid of the Downloader.MisleadApp virus through Norton Antivirus and it wouldn't delete so i followed the directions it suggested by deleting it through safe mode but that also didn't work what else should i do?

View 7 Replies View Related

AVG Anti Virus Cant Remove Trojan Horse Downloader

Dec 17, 2004

trojan horse Downloader .Agent.5.P - is found in C:WINDOWSsystem32calsp.dll

AVG can't remove it

View 10 Replies View Related

"Trojan Horse Downloader Generic 4.ZQI - Computer Slowed Down

Jul 28, 2007

My daughters computer has something called "Trojan horse downloader Generic 4.ZQI, this has caused all sorts of problems with connecting onto the internet and has slowed the computer.

View 14 Replies View Related

Trojan.vundo Won't Go

Jan 22, 2006

I've got the trojan.vundo virus. I have installed and run the vundo removal tool, and it shows me that it is gone-but when I restart my computer, Norton anti-virus finds it again (and again...and again).

View 14 Replies View Related

Vundo Virus

Aug 14, 2007

i used a vundo fix and got rid of all of the vundo viruses but two would not go away.

i got error message : Error: 75. Path/File access error

The two files were :

c:WINDOWSsystem32jkkjk.dll
c:WINDOWSsystem32\kjkkj.ini

why these two vundos won't go away? They won't clean from my antivirus or quarantine either.They keep popping up in my system notifying me that they are there.

View 10 Replies View Related

Can't Remove Trojan.Vundo

Nov 2, 2007

I get this trojan today and i never get viruses usually but this one reaqlly is annoying!

Ive looked at all the other posts and ive tried using the vundo fix tool etc but it does not pick it up at all. Ive tried doing it in safe mode and ive tried unistalling java to see if it was involved with that but nothing has worked so far.

I have located the file in my system32 folder and its named xxyywtq.dll but theres no way it will let me delete it as it says it is being used by another program or person.

View 1 Replies View Related

Norton Saying - Vundo Threat

Oct 15, 2005

A message from Norton that says I have a Trogan Vundo on my computer.When I use the Norton removal tool it does not find the virus.When I use the Norton scan it does.

View 3 Replies View Related

Xsoft Picking Vundo

May 18, 2007

I downloaded vundo.exe and ran it . Says Ok
Then I run xsoft and says has vundo . ?

View 1 Replies View Related

Vundo Infection Recurring

Oct 16, 2008

I have a vundo infection (on it's automatic scans) i ran superantispyware pro and it said clean.
Then i restarted, and it was back.
I ran superantispyware pro again, along with cwshredder, spybot, spyware blaster, and prevx. the infection seemed to be gone, but then the next day trendmicro alerted me that it was in my system restore. so i turned off system restore, restarted, re-enabled system restore and made a restore point.
The infection isn't gone.

Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:58:03, on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
C:WINDOWSsystem32CTsvcCDA.exe
C:WINDOWSeHomeehRecvr.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesGoogleUpdateGoogleUpdate.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:OfficeScan NT
trtscan.exe
c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32SearchIndexer.exe
C:Program FilesoneTick imesync.exe
C:Program FilesCanonCALCALMAIN.exe
C:Program FilesHewlett-PackardSharedhpqwmiex.exe
C:WINDOWSsystem32mqsvc.exe
C:OfficeScan NT mlisten.exe
C:WINDOWSsystem32mqtgsvc.exe
C:WINDOWSTEMPHF45E.EXE
C:WINDOWSsystem32dllhost.exe
C:OfficeScan NTCNTAoSMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:WINDOWSehomeehtray.exe
C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
C:Program FilesJavajre1.6.0_07injusched.exe
C:WINDOWSsystem32igfxtray.exe
C:WINDOWSeHomeehmsas.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesHPQuickPlayQPService.exe
C:Program FilesHpHP Software UpdateHPWuSchd2.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe
C:Program FilesCommon FilesRealUpdate_OB
ealsched.exe
C:Program FilesBabylonBabylon-ProBabylon.exe
C:Program FilesCreativeCreative ZENEN Media ExplorerCTCheck.exe
C:GeniusioCentregTaskBar.exe
C:OfficeScan NTpccntmon.exe
C:GeniusioCentregMouseTask.exe
C:GeniusioCentregKbdTask.exe
C:GeniusioCentregAutoPan.exe
C:GeniusioCentregAutoScroll.exe
C:GeniusioCentregZoom.exe
C:GeniusioCentregMGlass.exe
C:GeniusioCentregIMMgm.exe
C:GeniusioCentregDeskMgm.exe
C:Program FilesRainlendar2Rainlendar2.exe
C:GeniusioCentregTaskSwitch.exe
C:Program FilesATnotesATnotes.exe
C:Program FilesoneTickzonetick.exe
C:Documents and SettingscalindraLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:Program FilesWindows Desktop SearchWindowsSearch.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
c:program filescommon filesinstallshieldupdateserviceisuspm.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceagent.exe
C:Program FilesOperaopera.exe
C:Program FilesPrevx2PXConsole.exe
C:Program FilesPrevx2PXAgent.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSsystem32SearchProtocolHost.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.seamonkey-project.org/start/"); (C:Documents and SettingsCALINDRAApplication DataMozillaProfilesdefaultzz9effyd.sltprefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.s rc"); (C:Documents and SettingsCALINDRAApplication DataMozillaProfilesdefaultzz9effyd.sltprefs.js)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayer
pbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:Documents and SettingsAll UsersApplication DataPrevxpxbho.dll
O2 - BHO: (no name) - {5C38F1A3-C14E-4EBD-A55B-CF9EE24FE46F} - C:WINDOWSsystem32qOIxWPhg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07inssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll
O2 - BHO: {edb801e3-ef97-2908-71d4-7b292271204c} - {c4021722-92b7-4d17-8092-79fe3e108bde} - (no file)
O2 - BHO: (no name) - {CE24BFF5-E53D-4D0E-A2A4-DBF6EE6E92C3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:Program FilesVeoh NetworksVeohPlugins
egVeohToolbar.dll
O3 - Toolbar: (no name) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} - (no file)
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:PROGRA~1TEXTAL~1TAForIE.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [hpWirelessAssistant] C:Program FileshpqHP Wireless AssistantHP Wireless Assistant.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07injusched.exe"
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM..Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [QPService] "C:Program FilesHPQuickPlayQPService.exe"
O4 - HKLM..Run: [HP Software Update] C:Program FilesHpHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [ISUSPM Startup] "c:Program FilesCommon FilesInstallShieldUpdateServiceisuspm.exe" -startup
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [QlbCtrl] %ProgramFiles%Hewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe /Start
O4 - HKLM..Run: [Cpqset] C:Program FilesHewlett-PackardDefault Settingscpqset.exe
O4 - HKLM..Run: [RecGuard] C:WindowsSMINSTRecGuard.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB
ealsched.exe" -osboot
O4 - HKLM..Run: [Easy-PrintToolBox] C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN.EXE /logon
O4 - HKLM..Run: [Babylon Client] C:Program FilesBabylonBabylon-ProBabylon.exe -AutoStart
O4 - HKLM..Run: [CTCheck] C:Program FilesCreativeCreative ZENEN Media ExplorerCTCheck.exe
O4 - HKLM..Run: [ioCentre] C:GeniusioCentregTaskBar.exe
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM..Run: [IMEKRMIG6.1] C:WINDOWSimeimkr6_1IMEKRMIG.EXE
O4 - HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 - HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 - HKLM..Run: [OfficeScanNT Monitor] "C:OfficeScan NTpccntmon.exe" -HideWindow
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [AppleSyncNotifier] C:Program FilesCommon FilesAppleMobile Device SupportinAppleSyncNotifier.exe
O4 - HKLM..Run: [QuickFinder Scheduler] "c:Program FilesCorelWordPerfect Office X4ProgramsQFSCHD140.EXE"
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [PrevxOne] "C:Program FilesPrevx2PXConsole.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Rainlendar2] C:Program FilesRainlendar2Rainlendar2.exe
O4 - HKCU..Run: [ATnotes.exe] C:Program FilesATnotesATnotes.exe
O4 - HKCU..Run: [ZoneTick] C:Program FilesoneTickzonetick.exe
O4 - HKCU..Run: [Google Update] "C:Documents and SettingscalindraLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe" /c
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:Program FilesVongoTray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:Program FilesVongoTray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:Program FilesVongoTray.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:Program FilesWindows Desktop SearchWindowsSearch.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:Program FilesCorelWordPerfect Office X4ProgramsWPLauncher.hta
O8 - Extra context menu item: Translate with &Babylon - res://C:Program FilesBabylonBabylon-ProUtilsBabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07inssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardHP Quick Launch ButtonsAddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:Program FilesCanonCALCALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:WINDOWSsystem32CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c920b4c2ad0755) (gupdate1c920b4c2ad0755) - Google Inc. - C:Program FilesGoogleUpdateGoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:OfficeScan NT
trtscan.exe
O23 - Service: PREVXAgent - Prevx - C:Program FilesPrevx2PXAgent.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:OfficeScan NT mlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:OfficeScan NTTmProxy.exe
O23 - Service: ZoneTick Time (ZTime) - WR Consulting - C:Program FilesoneTick imesync.exe

--
End of file - 14271 bytes

View 14 Replies View Related

Xp Slow Ans Vundo Error

Feb 28, 2008

I am running XP Pro and it is very slow, I had a message from Mcafee that I had a vundo virus. When I am on the internet it is very slow and I have window screens open in explorer that dont open all the way and I get message.

HiJack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:25 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafee
edirsvc
edirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMicrosoft Windows Feedback PanelWFPService.exe
C:Program FilesMicrosoft Windows Feedback PanelWFPUser.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:WINDOWSExplorer.EXE
C:Program FilesMicrosoft Windows Feedback Panelwfpasieve.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesPalmHOTSYNC.EXE
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1MI3AA1~1
apimgr.exe
C:WINDOWSsystem32winlogon.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:WINDOWSsystem32
undll32.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:WINDOWSsystem32msiexec.exe
C:GARMINMapSource.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [70348166] rundll32.exe "C:WINDOWSsystem32ubiojhqe.dll",b
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-21-515967899-1547161642-725345543-1004..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe (User 'Elaine')
O4 - Startup: HotSync Manager.lnk = C:Program FilesPalmHOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196486492274
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196493743468
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:Program FilesSymantecpcAnywhereawhost32.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafee
edirsvc
edirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

--
End of file - 7056 bytes

View 1 Replies View Related

Trojan.vundo.b - Removal Tool?

Oct 17, 2005

I've been getting this winfixer 2005 pop up window everytime i open my pc. what i normally do is just close it. i've learned that it's something to do with the trojan.vundo.b virus. i searched the net for removal tools and downloaded one from norton but it didnt help.Now, i've been receiving virus alerts from norton.

View 14 Replies View Related

NIS Scan And Found A Vundo Trojan

Dec 10, 2005

We network our computers and I had alot of adware and a trojan virus on mine so I do believe she has the same. I ran a NIS scan and found a vundo trojan on this computer (hers). Had to download the tool to remove it and it appears it was successful. But the computer is still so slow and having some internet explorer errors.

View 14 Replies View Related

Trojan Vundo Virus - Slow Computer

Apr 15, 2007

I had this Trojan vundo virus about a month ago and you helped me remove it. My computer was running fine until all of the same things started happening again. Im pretty sure i still have the virus b/c my computer is running very slow and just plain bad. I ran VundoFix.exe (it found like 10 things), clicked remove vundo, and rebooted. I ran HijackThis and here is this log file.what i need to delete? ....

View 14 Replies View Related

XP Running Slow,showing Vundo Message

Feb 28, 2008

I am running XP Pro and it is very slow, I had a message from Mcafee that I had a vundo virus. When I am on the internet it is very slow and I have window screens open in explorer that dont open all the way and I get message.

I have attached a HiJack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:25 PM, on 2/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
C:PROGRA~1McAfeeMSCmcmscsvc.exe
c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcods.exe
C:PROGRA~1McAfeeMSCmcpromgr.exe
c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
c:PROGRA~1COMMON~1mcafee
edirsvc
edirsvc.exe
C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
C:Program FilesMcAfeeMPFMPFSrv.exe
C:PROGRA~1McAfeeMPSmps.exe
C:WINDOWSsystem32HPZipm12.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesMicrosoft Windows Feedback PanelWFPService.exe
C:Program FilesMicrosoft Windows Feedback PanelWFPUser.exe
C:Program FilesMcAfeeMPSmpsevh.exe
C:WINDOWSExplorer.EXE
C:Program FilesMicrosoft Windows Feedback Panelwfpasieve.exe
c:PROGRA~1mcafee.comagentmcagent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesPalmHOTSYNC.EXE
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1MI3AA1~1
apimgr.exe
C:WINDOWSsystem32winlogon.exe
C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
C:WINDOWSsystem32
undll32.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:WINDOWSsystem32msiexec.exe
C:GARMINMapSource.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [70348166] rundll32.exe "C:WINDOWSsystem32ubiojhqe.dll",b
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-21-515967899-1547161642-725345543-1004..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe (User 'Elaine')
O4 - Startup: HotSync Manager.lnk = C:Program FilesPalmHOTSYNC.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1196486492274
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196493743468
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:Program FilesSymantecpcAnywhereawhost32.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:PROGRA~1COMMON~1McAfeeEmProxyemproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:Program FilesCommon FilesMcAfeeHackerWatchHWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:PROGRA~1McAfeeMSCmcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:PROGRA~1COMMON~1mcafee
edirsvc
edirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program FilesMcAfeeMPFMPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:PROGRA~1McAfeeMPSmps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

--
End of file - 7056 bytes

View 1 Replies View Related

Vundo ? High DPCs (40%+) System Usage (40%+)

Oct 19, 2007

I suspect that my PC is infected with Vundo. Ran FixVundo (Symantec Trojan.Vundo Removal Tool 1.5.0)in safemode but was not detected.
Seeing gebyy.dll and pmnnnkk.dll in Hijackthis! but unable to fix (log attached).

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:54:54 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:WINDOWSSystem32smss.exe
D:WINDOWSsystem32winlogon.exe
D:WINDOWSsystem32services.exe
D:WINDOWSsystem32lsass.exe
D:WINDOWSSystem32svchost.exe
D:WINDOWSsystem32svchost.exe
D:WINDOWSsystem32spoolsv.exe
D:WINDOWSExplorer.EXE
D:WINDOWSsystem32ctfmon.exe
D:WINDOWSSystem32svchost.exe
D:PROGRAM FILESPROCESS EXPLORERPROCEXP.EXE
D:WINDOWSSystem32svchost.exe
D:Program FilesInternet Exploreriexplore.exe
D:Documents and SettingsBuzzDesktopHiJackThis_v2.exe

O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - D:WINDOWSsystem32pmnnnkk.dll
O2 - BHO: (no name) - {CF3941B9-5A9D-4657-8E2F-D40E79C4AEDA} - D:WINDOWSsystem32gebyy.dll
O4 - HKLM..Run: [PinnacleDriverCheck] D:WINDOWSsystem32PSDrvCheck.exe -CheckReg
O4 - HKCU..Run: [ctfmon.exe] D:WINDOWSsystem32ctfmon.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: pmnnnkk - D:WINDOWSSYSTEM32pmnnnkk.dll

--
End of file - 1244 bytes

View 1 Replies View Related

Win32 ? Vundo!generic Virus Alert

Jul 30, 2007

having problem with win virus.I have windows xp and the specialist installed CA security for my anti-virus,anti-spam.

View 11 Replies View Related

High Risk Virus Alert With Trojan.Vundo

Oct 9, 2005

I'm running into a High Risk virus alert with Trojan.Vundo The object name is C:WINDOWSsystem32mljgd.dll --i've tried deleting it in safe mode through regedit but it always comes back up after i refresh.

View 3 Replies View Related

Hijackthis Help!!

Aug 30, 2005

Spybot Search & Destroy found abetterinternet.aurora and wwwcoolsearch. I have attached my information from hijackthis and hope someone can help me get rid of this.

Thanks in advance for any help.

Logfile of HijackThis v1.99.1
Scan saved at 8:11:53 PM, on 8/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32cisvc.exe
C:PROGRA~1IomegaSystem32AppServices.exe
c:PROGRA~1mcafee.comvsomcvsrte.exe
C:WINDOWSsystem32RioMSC.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
c:PROGRA~1mcafee.comvsomcshield.exe
C:WINDOWSExplorer.EXE
C:Program FilesMcAfeeMcAfee AntiSpywareMssCli.exe
C:PROGRA~1mcafee.comvsomcvsshld.exe
C:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesMcAfeeMcAfee Shared ComponentsGuardianCMGrdian.exe
C:WINDOWSBCMSMMSG.exe
C:Program FilesCommon FilesRealUpdate_OB
ealsched.exe
C:PROGRA~1mcafee.comvsomcvsescn.exe
C:Program FilesJavajre1.5.0_02injusched.exe
C:Program FilesQuickTimeqttask.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
C:WINDOWSSystem32mhbj99d7.exe
C:WINDOWSSystem32hkcmd.exe
C:WINDOWSsystem32
undll32.exe
C:WINDOWSsystem32
undll32.exe
C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe
C:Program FilesDell SupportDSAgnt.exe
c:progra~1mcafee.comvsomcvsftsn.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32cidaemon.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.dellnet.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = about:blank
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = about:blank
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = http://localhost
R3 - URLSearchHook: (no name) - _{4FC95EDD-4796-4966-9049-29649C80111D} - (no file)
R3 - URLSearchHook: (no name) - _{0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {02B87ED9-9E43-E09C-1AC4-92BC697FB39C} - blank (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {07B87EDB-9E32-97EC-1AC6-9ABC1C7BB39B} - blank (file missing)
O2 - BHO: (no name) - {1FFB474E-FAFE-F077-D4EC-F80A070CA69D} - blank (file missing)
O2 - BHO: (no name) - {2FD6774C-D7BC-B233-F9DE-C02742388BAA} - blank (file missing)
O2 - BHO: (no name) - {37954ED9-B370-D5A8-37F4-A291594F9EAC} - blank (file missing)
O2 - BHO: (no name) - {3CAB4059-E440-2BC1-8156-6C5578F07B1F} - blank (file missing)
O2 - BHO: (no name) - {3FFD1251-E967-0AE8-D256-64550DA57A4C} - blank (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: (no name) - {5C8D9187-322B-5FA8-3FFF-775C454EACAD} - blank (file missing)
O2 - BHO: SDWin32 Class - {5FA6752A-C4A0-4222-88C2-928AE5AB4966} - blank (file missing)
O2 - BHO: MyBHOSpy Class - {C52CBAEC-D969-4635-9F50-426CC15CE463} - C:WINDOWSSystem32416881af.dll
O2 - BHO: (no name) - {CB266942-87D6-FA5E-D33D-884DF6F17C95} - blank (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentMcUpdate.exe
O4 - HKLM..Run: [_AntiSpyware] C:Program FilesMcAfeeMcAfee AntiSpywareMssCli.exe
O4 - HKLM..Run: [VSOCheckTask] "c:PROGRA~1mcafee.comvsomcmnhdlr.exe" /checktask
O4 - HKLM..Run: [VirusScan Online] "c:PROGRA~1mcafee.comvsomcvsshld.exe"
O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [McAfee Guardian] "C:Program FilesMcAfeeMcAfee Shared ComponentsGuardianCMGrdian.exe" /SU
O4 - HKLM..Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB
ealsched.exe" -osboot
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_02injusched.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 - HKLM..Run: [msresearch] C:WINDOWSmsresearch.exe
O4 - HKLM..Run: [mmtask] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
O4 - HKLM..Run: [mhbj99d7] C:WINDOWSSystem32mhbj99d7.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSSystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSSystem32hkcmd.exe
O4 - HKLM..Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM..Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM..Run: [AdaptecDirectCD] "C:Program FilesRoxioEasy CD Creator 5DirectCDDirectCD.exe"
O4 - HKCU..Run: [DellSupport] "C:Program FilesDell SupportDSAgnt.exe" /startup
O4 - HKCU..Run: [AIM] C:PROGRA~1AIMaim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02in
pjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02in
pjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:PROGRA~1AIMaim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me.../bridge-c9.cab
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/ga...mmon/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} - http://www.spyblast.com/download/SBFullSInst.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52...3C00/setup.exe
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: Iomega App Services - Iomega Corporation - C:PROGRA~1IomegaSystem32AppServices.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:PROGRA~1mcafee.comvsomcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:PROGRA~1mcafee.comvsomcvsrte.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSSystem32HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:WINDOWSsystem32RioMSC.exe

View 6 Replies View Related

Start Time Slower After Removing VUNDO VIRUS/SPYWARE

Feb 27, 2007

My startup time has increased by at least 8 mins

my HJT log is:

Logfile of HijackThis v1.99.1
Scan saved at 11:33:54 PM, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesNorton SystemWorksNorton GoBackGBPoll.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:PROGRA~1NORTON~1NORTON~1NPROTECT.EXE
C:Program FilesSpyware Doctorsdhelp.exe
C:WINDOWSsystem32 cpsvcs.exe
C:WINDOWSSystem32snmp.exe
C:PROGRA~1NORTON~1NORTON~1SPEEDD~1NOPDB.EXE
C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32MsPMSPSv.exe
C:Program FilesJavajre1.5.0_11injusched.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:PROGRA~1TASKBA~1TaskBar.exe
C:Program FilesuTorrentutorrent.exe
C:Program FilesNorton SystemWorksNorton GoBackGBTray.exe
C:WINDOWSsystem32 askmgr.exe
C:WINDOWSSystem32alg.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesMSN Messengerusnsvc.exe
C:Documents and Settings
.chanDesktopVundo Remove ToolshijackthisTJH.exe.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0AcrobatActiveXAcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:PROGRA~1SPYWAR~1 oolsiesdsg.dll
O2 - BHO: (no name) - {61ACC408-B733-482E-BDF1-C020F10014FE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_11inssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - (no file)
O2 - BHO: (no name) - {CF293022-3C24-4843-B47F-4F38D7334F4D} - (no file)
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [osCheck] "C:Program FilesNorton AntiVirusosCheck.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.5.0_11injusched.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [Taskbar Hide] "C:PROGRA~1TASKBA~1TaskBar.exe" -Start
O4 - HKCU..Run: [�Torrent] "C:Program FilesuTorrentutorrent.exe"
O4 - HKCU..Run: [Spyware Doctor] "C:Program FilesSpyware Doctorswdoctor.exe" /Q
O4 - Global Startup: Norton GoBack.lnk = C:Program FilesNorton SystemWorksNorton GoBackGBTray.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_11inssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:PROGRA~1SPYWAR~1 oolsiesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:PokerTitan Pokercasino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:PokerTitan Pokercasino.exe
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:Program FilesNorton SystemWorksNorton CleanupWCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:Program FilesNorton SystemWorksNorton CleanupWCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:Program FilesPartyPokerRunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:Program FilesPartyPokerRunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb...LStreaming.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160655278677
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:PROGRA~1MSNMES~1MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: mljjgda - mljjgda.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:Program FilesNorton SystemWorksNorton GoBackGBPoll.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:Program FilesNorton AntiVirusisPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:PROGRA~1NORTON~1NORTON~1NPROTECT.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:Program FilesSpyware Doctorsdhelp.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:PROGRA~1NORTON~1NORTON~1SPEEDD~1NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedAppCoreAppSvc32.exe

View 14 Replies View Related

HijackThis Scan

May 22, 2005

MY computer is running slow. I have a cable connection with Charter. I run McAfee firewall and antivirus, Spybot Search and Destroy, Ad-Aware SE Personal, Ace Utilities, WinASO Disk Clearner, Error Nuker and Executive Software to defrag.

I just downloaded HijackThis and ran it. Here is the print out:

Logfile of HijackThis v1.99.1
Scan saved at 7:31:57 PM, on 5/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:PROGRA~1mcafee.comagentmcagent.exe
C:PROGRA~1mcafee.comvsomcvsshld.exe
C:Program FilesMicrosoft IntelliPointpoint32.exe
c:progra~1mcafee.comvsomcvsescn.exe
C:PROGRA~1MCAFEE.COMPERSON~1MPFTRAY.EXE
C:Program FilesWebrootSpy SweeperSpySweeper.exe
C:Program FilesSwiss Army WareSpamAwayMailGuardMailGuard.exe
C:Program FilesKitcoKcastKcast.exe
C:Program FilesSwiss Army WareSpamAwayAntiSpamAntiSpam.exe
C:PROGRA~1MCAFEE.COMPERSON~1MPFAGENT.EXE
C:Program FilesExecutive SoftwareDiskeeperDkService.exe
C:WINDOWSsystem32gearsec.exe
c:PROGRA~1mcafee.comvsomcvsrte.exe
C:PROGRA~1MCAFEE.COMPERSON~1MPFSERVICE.exe
C:WINDOWSsystem32
vsvc32.exe
C:WINDOWSSystem32snmp.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wdfmgr.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32fxssvc.exe
c:PROGRA~1mcafee.comvsomcshield.exe
C:WINDOWSSystem32alg.exe
C:Program FilesAIM95aim.exe
c:progra~1mcafee.comvsomcvsftsn.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsKathieLocal SettingsTemporary Internet FilesContent.IE58F6J056JHijackThis1991[1].exe

O1 - Hosts: 127.98.9.2 pop-server.charter.net.b9
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn1ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:Program FilesDragon SystemsNaturallySpeakingProgramweb_ie.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:WINDOWSDownloaded Program FilesCONFLICT.1SbCIe02a.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn1ycomp5_6_0_0.dll
O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentmcupdate.exe
O4 - HKLM..Run: [VirusScan Online] "c:PROGRA~1mcafee.comvsomcvsshld.exe"
O4 - HKLM..Run: [VSOCheckTask] "c:PROGRA~1mcafee.comvsomcmnhdlr.exe" /checktask
O4 - HKLM..Run: [IntelliPoint] "C:Program FilesMicrosoft IntelliPointpoint32.exe"
O4 - HKLM..Run: [MPFExe] C:PROGRA~1MCAFEE.COMPERSON~1MPFTRAY.EXE
O4 - HKCU..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeper.exe" /0
O4 - HKCU..Run: [b9] "C:Program FilesSwiss Army WareSpamAwayMailGuardMailGuard.exe" /minimize
O4 - HKCU..Run: [KITCO] C:Program FilesKitcoKcastKcast
O4 - HKCU..RunOnce: [DelayShred] "C:Program FilesMcAfeeMcAfee Shared ComponentsShredderSHRED32.EXE" /q C:DOCUME~1KathieLOCALS~1TEMPOR~1Content.IE5�DUNOFS3SEARCH~1.SH! C:DOCUME~1KathieLOCALS~1TEMPOR~1Content.IE5ATL2BALO3120-2~1.SH! C:DOCUME~1KathieLOCALS~1TEMPOR~1Content.IE5�DUNOFS3DDL_1~1.SH! C:DOCUME~1KathieLOCALS~1TEMPOR~1Content.IE5I9QV8LM1�_1793~1.SH!
O4 - Startup: AntiSpam.lnk = C:Program FilesSwiss Army WareSpamAwayAntiSpamAntiSpam.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: &Check Spelling - res://C:Program FilesieSpellieSpell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:Program FilesieSpellieSpell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1Office10EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSSystem32msjava.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:Program FilesieSpellieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:Program FilesieSpellieSpell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:Program FilesieSpellieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:Program FilesieSpellieSpell.dll
O9 - Extra button: (no name) - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:WINDOWSDownloaded Program FilesCONFLICT.1SbCIe02a.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIM95aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:PROGRA~1YAHOO!MESSEN~1YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:PROGRA~1YAHOO!MESSEN~1YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O12 - Plugin for .UVR: C:Program FilesInternet ExplorerPluginsNPUPano.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud14.sports.sc5.yahoo.com/j...lgcst1010_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud7.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon...oad/tgctlar.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1493507C-8A33-4747-8696-9019F8962B5F} (QCV6C020.Install) - http://www.quickcleaner.com/qkc11/cab/QCV6C020.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...84/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/12fde57...ip/RdxIE601.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars...erxsigned35.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yah.../yse/ymmapi.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...,21/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/be...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...430/mcfscan.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:Program FilesExecutive SoftwareDiskeeperDkService.exe
O23 - Service: GEARSecurity - GEAR Software - C:WINDOWSsystem32gearsec.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:PROGRA~1mcafee.comvsomcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:PROGRA~1mcafee.comvsomcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:PROGRA~1MCAFEE.COMPERSON~1MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32
vsvc32.exe

View 6 Replies View Related

HijackThis Scan

Apr 2, 2006

My computer may have been affected by a trojan by some site, but firefox may have forbidded that site, i did my scans and things look fine but i just wanna make sure and be on the safe side. Here is my Hijack This log

Logfile of HijackThis v1.99.1
Scan saved at 12:16:06 PM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
C:Program FilesNorton AntiVirus
avapsvc.exe
C:Program FilesNorton AntiVirusIWPNPFMntor.exe
C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSALCWZRD.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesCommon FilesAOL1129239772eeAOLSoftware.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesiPodiniPodService.exe
C:Program FilesLogitechVideoLogiTray.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesPlaxo2.5.10.17PlaxoHelper.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesHijackThisHijackThis.exe

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.gatewaybiz.com
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.gateway.com/
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O2 - BHO: CBHOBJObj Object - {8A406068-D45C-40B9-A096-38AC717FB608} - C:WINDOWSBHOBJ.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton AntiVirusNavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [HostManager] C:Program FilesCommon FilesAOL1129239772eeAOLSoftware.exe
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe
O4 - HKCU..Run: [AIM] C:Program FilesAIMaim.exe -cnetwait.odl
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [PlaxoUpdate] C:Program FilesPlaxo2.5.10.17PlaxoHelper.exe -a
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program FilesLogitechVideoManifestEngine.exe" boot
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:program filesaolaol toolbar 3.0
esourcesen-USlocalsearch.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:Program FilesAOLAOL Toolbar 3.0aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:PROGRA~1COMMON~1AOLACSAOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:Program FilesNorton AntiVirus
avapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:Program FilesNorton AntiVirusIWPNPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe

View 13 Replies View Related

Minor Hijackthis Log

Dec 28, 2004

We are having some minor problems with a system at work. I was wondering if someone knowledgable about these logs would take a look at it, and see if anything stands out, or needs fixed.

View 8 Replies View Related

100% CPU Usage - HijackThis Log

Mar 28, 2005

I've been having problems with my CPU Usage being around or at 100% for the past few days. Tried spybot and that didn't help. Here is my HijackThis log.

View 4 Replies View Related