Trojan.vundo Won't Go

Jan 22, 2006

I've got the trojan.vundo virus. I have installed and run the vundo removal tool, and it shows me that it is gone, but when I restart my computer, Norton anti-virus finds it again (and again... and again).


Can't Remove Trojan.Vundo

Nov 2, 2007

I got this trojan today and I never get viruses usually, but this one really is annoying!

I've looked at all the other posts and I've tried using the vundo fix tool etc. but it does not pick it up at all. I've tried doing it in safe mode and I've tried uninstalling Java to see if it was involved with that, but nothing has worked so far.

I have located the file in my system32 folder and it's named xxyywtq.dll, but there's no way it will let me delete it, as it says it is being used by another program or person.


Trojan.vundo.b - Removal Tool?

Oct 17, 2005

I've been getting this winfixer 2005 pop-up window every time I open my PC. What I normally do is just close it. I've learned that it's something to do with the trojan.vundo.b virus. I searched the net for removal tools and downloaded one from Norton but it didn't help. Now, I've been receiving virus alerts from Norton.


NIS Scan And Found A Vundo Trojan

Dec 10, 2005

We network our computers and I had a lot of adware and a trojan virus on mine, so I do believe she has the same. I ran a NIS scan and found a vundo trojan on this computer (hers). Had to download the tool to remove it and it appears it was successful. But the computer is still so slow and having some Internet Explorer errors.


Trojan Vundo Virus - Slow Computer

Apr 15, 2007

I had this Trojan vundo virus about a month ago and you helped me remove it. My computer was running fine until all of the same things started happening again. I'm pretty sure I still have the virus because my computer is running very slow and just plain bad. I ran VundoFix.exe (it found like 10 things), clicked remove vundo, and rebooted. I ran HijackThis and here is the log file. What do I need to delete? ....


High Risk Virus Alert With Trojan.Vundo

Oct 9, 2005

I'm running into a High Risk virus alert with Trojan.Vundo. The object name is C:\WINDOWS\system32\mljgd.dll. I've tried deleting it in safe mode through regedit but it always comes back up after I refresh.


Trojan In Reg32.exe =trojan.low Zones: Wont Remove Virus?

Feb 11, 2005

I have a lot of trojans and can't seem to get rid of them. I have run Spy Bot, Avast, Ad-Aware, Stop Sign and found:

1. Trojan in reg32.exe = trojan.low zones
2. Downloaded program files says: Trojan.downloader1097
3. System 32 sygate = Win32.HLLW.MyBot.based
4. Avenue Media Internet Optimizer Software Package = Possible spyware Application
5. Appropos Media People On Page Application = Possible Spyware


Vundo Virus

Aug 14, 2007

I used a vundo fix and got rid of all of the vundo viruses but two would not go away.

I got the error message: Error: 75. Path/File access error

The two files were:

c:\WINDOWS\system32\jkkjk.dll
c:\WINDOWS\system32\kjkkj.ini

Why won't these two vundos go away? They won't clean from my antivirus or quarantine either. They keep popping up in my system notifying me that they are there.


Norton Saying - Vundo Threat

Oct 15, 2005

A message from Norton that says I have a Trojan Vundo on my computer. When I use the Norton removal tool it does not find the virus. When I use the Norton scan it does.


Virtumonde/vundo Damage

May 10, 2007

Infected by the vundo/virtumonde virus

I have run scans of spysweeper and max registry cleaner, and from what I understand the actual malware is gone. The problem is I have no icons/taskbar. I've tried running explorer.exe through the task manager, which gets the taskbar to flash for a couple seconds, but it disappears shortly after. I've tried running taskbar repair tool plus, but that doesn't help me much.

Here is it


Xsoft Picking Vundo

May 18, 2007

I downloaded vundo.exe and ran it. Says OK.
Then I run xsoft and it says has vundo?


Vundo Infection Recurring

Oct 16, 2008

I have a vundo infection (on its automatic scans). I ran superantispyware pro and it said clean.
Then I restarted, and it was back.
I ran superantispyware pro again, along with cwshredder, spybot, spyware blaster, and prevx. The infection seemed to be gone, but then the next day trendmicro alerted me that it was in my system restore. So I turned off system restore, restarted, re-enabled system restore and made a restore point.
The infection isn't gone.

Hijack log


XP Slow And Vundo Error

Feb 28, 2008

I am running XP Pro and it is very slow. I had a message from McAfee that I had a vundo virus. When I am on the internet it is very slow and I have window screens open in Explorer that don't open all the way and I get message.

HiJack this log.


Unable To Remove "Trojan-Dropper.VBS.Inor.cz" Trojan?

Apr 1, 2006

I have Windows XP, I have AVG antivirus and have run the tests in PC Pitstop and done a regular search through Windows for the Trojan-Dropper.VBS.Inor.cz but can't locate it on my PC. My IE browser freezes every time I go to a particular site and yet when I ask if anyone else has trouble with that site only a very few people say yes. The solution they give me is to download Mozilla and use it for that site. That doesn't protect me from the trojan completely infecting me, does it? Can anyone tell me how to delete this trojan?

View 14 Replies View Related

XP Running Slow, Showing Vundo Message

Feb 28, 2008

I am running XP Pro and it is very slow. I had a message from McAfee that I had a vundo virus. When I am on the internet it is very slow and I have window screens open in Explorer that don't open all the way and I get message.

I have attached a HijackThis log.


View 1 Replies View Related

Vundo? High DPCs (40%+) System Usage (40%+)

Oct 19, 2007

I suspect that my PC is infected with Vundo. Ran FixVundo (Symantec Trojan.Vundo Removal Tool 1.5.0) in safe mode but it was not detected.
Seeing gebyy.dll and pmnnnkk.dll in HijackThis but unable to fix (log attached).

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:54:54 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Buzz\Desktop\HiJackThis_v2.exe

O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - D:\WINDOWS\system32\pmnnnkk.dll
O2 - BHO: (no name) - {CF3941B9-5A9D-4657-8E2F-D40E79C4AEDA} - D:\WINDOWS\system32\gebyy.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: pmnnnkk - D:\WINDOWS\SYSTEM32\pmnnnkk.dll

--
End of file - 1244 bytes

View 1 Replies View Related

Win32 ? Vundo!generic Virus Alert

Jul 30, 2007

Having a problem with win virus. I have Windows XP and the specialist installed CA security for my anti-virus, anti-spam.

View 11 Replies View Related

Cleaning Possible Vundo/Virtumonde/Downloader ASN.HijackThis Log

Jan 17, 2006

Ran into some virus fun, I think it is gone. I ran vundofix.exe; Symantec's vundo fix; virtumonde fix from Symantec; trojanhunter; hijackthis; winpatrol; spysweeper; (some in safe mode). And removed a BHO for winlogon.exe with the mljgd.dll. That doesn't exist anymore,

HijackThis Log.

j.


View 6 Replies View Related

Start Time Slower After Removing VUNDO VIRUS/SPYWARE

Feb 27, 2007

My startup time has increased by at least 8 mins

My HJT log is:


View 14 Replies View Related

W32 Trojan

Jun 12, 2005

I was able to take it out with BART PE, which I had to put into the CD drive and it would boot from the disk, and it found the Trojan in the Windows Operating Boot File, but when I deleted it I could not boot up after that! I tried to boot from safe mode and it would freeze after I would enter my password and then enter.
I had to restore the computer from a back up file I had but it is currently restored with the TROJAN AGAIN!

I am running:
XP PRO w/SP2 / NT PLATFORM
5.1 (BUILD 2600.XPSP_SP2_GDR.050301-1519)
Workstation / NTFS / i386 /EXPLORER EXE
AMD PROCESSOR

View 3 Replies View Related

Trojan

Feb 10, 2005

Recently I was looking for a file to download and I ended up in a German site [I think] and something popped up so I pressed "ok" thinking it was the file I needed. Suddenly, Norton popped up and it said that I have a trojan virus and unable to repair. I forgot the address but it ended with "assistanthelper[1]". I'm not sure though.

View 6 Replies View Related

Trojan.w32.looksky

Sep 8, 2007

PC is infected with this Trojan. I've downloaded xsoftspy and performed a full scan. It appears to remove the offending files but it still comes back.

When it does, it tries to load up various internet sites telling me to download software. You advise running fixware. I've tried this and this is the result.

Username "MARK" - 08/09/2007 23:10:11 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLMSOFTWARE~Winlogon "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="C:\WINDOWS\SM1BG.EXE"
"Motive SmartBridge"="C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe"
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE"
"C-Media Mixer"="Mixer.exe /startup"
"SPAMfighter Agent"=""C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60"
"Adobe Reader Speed Launcher"=""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe""
"TkBellExe"=""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
"QuickTime Task"=""C:\Program Files\QuickTime\qttask.exe" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=""C:\Program Files\Messenger\msmsgs.exe" /background"
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

View 6 Replies View Related

How Could Get Rid Of Update.exe Trojan

Feb 11, 2007

Recently, my laptop was attacked by a trojan called update.exe. I think I got it from an open network in a hotel. I have tried many things to try to get rid of it, I've run all the spyware programs I have and I've gone into my hard drive and tried to delete it manually as well. Nothing works to get rid of it. Does anybody know how I could get rid of update.exe?

View 1 Replies View Related

FTP Attack Trojan

Oct 14, 2005

I am running Windows XP and CounterSpy has picked up a FTP Attack Trojan. I quarantined then deleted it but it keeps coming back. I also tried a program called Swatit but that did not find anything wrong. My computer has started acting improperly, rejecting games etc.

View 11 Replies View Related

Explorer Associated Trojan

Sep 29, 2010

I have a DLL in my windows/system32 folder. I have used a tool to see what processes are running and what they are associated with. It is associated with explorer.exe as you can see that in the process checking tool. I have done some analysis on dlo1BC.dll and it appears it is a virus, but I can't delete it, no matter what I try. When I shut down the computer, Explorer won't shut down smoothly and I think this is because of the dlo1BC.dll associated with it in the processes.

View 7 Replies View Related

Trojan - Boot Sequence

Dec 6, 2006

I have a problem with my PC. A few days ago I received a URL in MSN messenger that infected me with a trojan horse when I entered the site.

Since then, AVG antivirus has popped up every time I start up my computer and has told me "threat detected - trojan horse downloader." I proceed to heal the file, yet next time I start up the same thing happens. The file name is simply "installer.exe". Immediately after this, my Internet Explorer opens and opens "web.links4all.biz", which I believe re-infects me. Since then, I have worked with my PC for a few days, with the intention of coming on here and sorting out the problem when I get the chance; unfortunately, the problem has escalated.

During my usual practice, AVG popped up saying "threat detected" once again. This time, the problem was "Trojan horse flooder." I told it to heal the file, it said it was healed, but told me I had to restart my computer for the process to complete. I restarted my computer, but after the first Windows loading screen, the system shuts off and automatically reboots, until it reaches this point where the same thing happens.

I've tried using safe mode, and nothing has changed, it still enters the cycle of restarting continually.

View 14 Replies View Related

SPYFALCON Trojan Horse/Can Still Use Pc?

May 15, 2006

I have Windows XP. If I have a Trojan Horse on my PC, is it safe still to use it? Or should I wait till I can get the TH off of here? What exactly will it do to my machine?

View 3 Replies View Related

AVG Has Popped Up Saying That I Have Received A Trojan?

Dec 10, 2006

Recently my AVG has popped up saying that I have received a Trojan. Also the computer and internet seem to be a lot slower and the computer won't actually turn off, it will only go into standby.

View 4 Replies View Related

Anti Trojan Software Available On Net?

Sep 2, 2009

The Anti Trojan software is available on the net. Does anyone know about it? Is it helpful in removing a Trojan?

View 4 Replies View Related

Infected With Trojan Virus

Jan 11, 2005

Infected with trojan virus. What do I do?

View 10 Replies View Related

Trojan Virus On Computer

May 23, 2006

I got a trojan virus on my computer just recently. I have Norton and AVG, but I would like to know what programs are good to have to keep things safe.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved