
[Fixed] Multiple pop ups, freezes my pc sometimes (posted in the Security & Safety forums, [Fixed] Hijackthis! Logs)


07-19-2007 #8
chiaz, Senior Security Analyst (Join Date: Jun 2006; Location: Singapore; Posts: 5,177; PC Experience: PC Guru)

Did you run VundoFix as I directed earlier on? Please post the contents of C:\vundofix.txt.

07-20-2007 #9
NeryCastillo21, Bronze Member (Join Date: Jul 2007; Posts: 46)

Hi, yes I did. Here it is:

Symantec Trojan.Vundo Removal Tool 1.5.0
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been terminated.
C:\System Volume Information: (not scanned)
Trojan.Vundo has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 96553
The number of deleted files: 0
The number of viral processes terminated: 1
The number of viral processes suspended: 1
The number of viral threads terminated: 0
The number of registry entries fixed: 0


My antivirus program keeps saying that it keeps blocking Trojan.Vundo and Downloader. All I remember is clicking on two .exe files, and ever since then the problem began.

07-20-2007 #10
chiaz, Senior Security Analyst

What you ran was Symantec's removal tool.

From experience, that does not completely remove all Vundo variants. Please run VundoFix as I directed here:
http://www.pchelpforum.com/hijackthi...tml#post206022

07-21-2007 #11
NeryCastillo21, Bronze Member

Sorry about that, I got mixed up with the names. Here is the vundofix.txt:


VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 10:34:31 PM 7/20/2007
Listing files found while scanning....
C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.bak2
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini2
C:\WINDOWS\system32\cbeeg.tmp
C:\windows\system32\cgfgyhwr.dll
C:\windows\system32\epicyxmq.ini
C:\windows\system32\erilaqks.dll
C:\windows\system32\fcwlvmuy.ini
C:\windows\system32\fmefacet.dll
C:\windows\system32\fyepffwd.dll
C:\WINDOWS\system32\geebc.dll
C:\windows\system32\hujxromx.dll
C:\windows\system32\jcmalggm.dll
C:\windows\system32\jstjhjbu.dll
C:\windows\system32\lmfjbjhp.dll
C:\windows\system32\mlttcdlm.dll
C:\windows\system32\mslpvpls.dll
C:\windows\system32\mstifeeo.dll
C:\windows\system32\msukogde.dll
C:\windows\system32\opfnlbkq.dll
C:\windows\system32\oyxhrunh.dll
C:\windows\system32\ppjtjffr.dll
C:\WINDOWS\system32\qmxycipe.dll
C:\windows\system32\qwqaxwvf.dll
C:\windows\system32\rgqbryyw.dll
C:\windows\system32\riganugt.dll
C:\windows\system32\ubjhjtsj.ini
C:\windows\system32\ujpahfhr.dll
C:\windows\system32\unvsrfko.dll
C:\windows\system32\vblkaqsy.dll
C:\WINDOWS\system32\wsoyvaaj.dll
C:\windows\system32\yumvlwcf.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cbeeg.bak1
C:\WINDOWS\system32\cbeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbeeg.bak2
C:\WINDOWS\system32\cbeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbeeg.ini2
C:\WINDOWS\system32\cbeeg.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbeeg.tmp
C:\WINDOWS\system32\cbeeg.tmp Has been deleted!
Attempting to delete C:\windows\system32\cgfgyhwr.dll
C:\windows\system32\cgfgyhwr.dll Has been deleted!
Attempting to delete C:\windows\system32\epicyxmq.ini
C:\windows\system32\epicyxmq.ini Has been deleted!
Attempting to delete C:\windows\system32\erilaqks.dll
C:\windows\system32\erilaqks.dll Has been deleted!
Attempting to delete C:\windows\system32\fcwlvmuy.ini
C:\windows\system32\fcwlvmuy.ini Has been deleted!
Attempting to delete C:\windows\system32\fmefacet.dll
C:\windows\system32\fmefacet.dll Has been deleted!
Attempting to delete C:\windows\system32\fyepffwd.dll
C:\windows\system32\fyepffwd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Has been deleted!
Attempting to delete C:\windows\system32\hujxromx.dll
C:\windows\system32\hujxromx.dll Has been deleted!
Attempting to delete C:\windows\system32\jcmalggm.dll
C:\windows\system32\jcmalggm.dll Has been deleted!
Attempting to delete C:\windows\system32\jstjhjbu.dll
C:\windows\system32\jstjhjbu.dll Has been deleted!
Attempting to delete C:\windows\system32\lmfjbjhp.dll
C:\windows\system32\lmfjbjhp.dll Has been deleted!
Attempting to delete C:\windows\system32\mlttcdlm.dll
C:\windows\system32\mlttcdlm.dll Has been deleted!
Attempting to delete C:\windows\system32\mslpvpls.dll
C:\windows\system32\mslpvpls.dll Has been deleted!
Attempting to delete C:\windows\system32\mstifeeo.dll
C:\windows\system32\mstifeeo.dll Has been deleted!
Attempting to delete C:\windows\system32\msukogde.dll
C:\windows\system32\msukogde.dll Has been deleted!
Attempting to delete C:\windows\system32\opfnlbkq.dll
C:\windows\system32\opfnlbkq.dll Has been deleted!
Attempting to delete C:\windows\system32\oyxhrunh.dll
C:\windows\system32\oyxhrunh.dll Has been deleted!
Attempting to delete C:\windows\system32\ppjtjffr.dll
C:\windows\system32\ppjtjffr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qmxycipe.dll
C:\WINDOWS\system32\qmxycipe.dll Could not be deleted.
Attempting to delete C:\windows\system32\qwqaxwvf.dll
C:\windows\system32\qwqaxwvf.dll Has been deleted!
Attempting to delete C:\windows\system32\rgqbryyw.dll
C:\windows\system32\rgqbryyw.dll Has been deleted!
Attempting to delete C:\windows\system32\riganugt.dll
C:\windows\system32\riganugt.dll Has been deleted!
Attempting to delete C:\windows\system32\ubjhjtsj.ini
C:\windows\system32\ubjhjtsj.ini Has been deleted!
Attempting to delete C:\windows\system32\ujpahfhr.dll
C:\windows\system32\ujpahfhr.dll Has been deleted!
Attempting to delete C:\windows\system32\unvsrfko.dll
C:\windows\system32\unvsrfko.dll Has been deleted!
Attempting to delete C:\windows\system32\vblkaqsy.dll
C:\windows\system32\vblkaqsy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wsoyvaaj.dll
C:\WINDOWS\system32\wsoyvaaj.dll Has been deleted!
Attempting to delete C:\windows\system32\yumvlwcf.dll
C:\windows\system32\yumvlwcf.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\qmxycipe.dll
C:\WINDOWS\system32\qmxycipe.dll Has been deleted!
Performing Repairs to the registry.
Done!

07-21-2007 #12
chiaz, Senior Security Analyst

Now post a new HijackThis log; let's see if the Vundo infection is all cleared up.

07-22-2007 #13
NeryCastillo21, Bronze Member

Hi, the pop-ups went away temporarily. Somehow my PC keeps getting infected. I did another Vundo repair, fixed it again, and here is the fresh HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:56:43 AM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\mljihfe.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {80781C9F-8B82-4AD9-860B-17A87421A9BA} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: (no name) - {BBBA4559-3167-4289-AD1A-AD95C6127DB4} - C:\WINDOWS\system32\jkkli.dll (file missing)
O2 - BHO: (no name) - {D707DB5A-08D3-4A98-BC38-DD4FB6906982} - C:\WINDOWS\system32\ssqpq.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljihfe - C:\WINDOWS\SYSTEM32\mljihfe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winuns32 - C:\WINDOWS\SYSTEM32\winuns32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

07-22-2007 #14
NeryCastillo21, Bronze Member

Here are the VundoFix reports:

Scan started at 4:43:09 PM 7/21/2007
Listing files found while scanning....
C:\WINDOWS\system32\hwkrnswi.dll
C:\WINDOWS\system32\iwsnrkwh.ini
C:\WINDOWS\system32\mwmuxjps.dll
C:\WINDOWS\system32\ssqpq.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hwkrnswi.dll
C:\WINDOWS\system32\hwkrnswi.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\iwsnrkwh.ini
C:\WINDOWS\system32\iwsnrkwh.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mwmuxjps.dll
C:\WINDOWS\system32\mwmuxjps.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hwkrnswi.dll
C:\WINDOWS\system32\hwkrnswi.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 5:42:39 AM 7/22/2007
Listing files found while scanning....
C:\windows\system32\dcgpqynf.dll
C:\WINDOWS\system32\fnyqpgcd.ini
C:\WINDOWS\system32\jccdewcs.dll
C:\WINDOWS\system32\jkkli.dll
Beginning removal...
Attempting to delete C:\windows\system32\dcgpqynf.dll
C:\windows\system32\dcgpqynf.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\fnyqpgcd.ini
C:\WINDOWS\system32\fnyqpgcd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jccdewcs.dll
C:\WINDOWS\system32\jccdewcs.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\dcgpqynf.dll
C:\windows\system32\dcgpqynf.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 5:52:56 AM 7/22/2007
Listing files found while scanning....
No infected files were found.
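
The cross-check that a fresh HijackThis log makes possible after a VundoFix run, as an added example that is not part of the thread or of either tool: it compares VundoFix results with the O2 (BHO) and O20 (Winlogon Notify) lines, using a few lines copied from the logs above as sample input. The function names and the rule "same DLL registered in both O2 and O20, file still present" are assumptions chosen for this illustration; a hit means "needs review", not a verdict.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Sample input: a few lines copied from the VundoFix and HijackThis logs in this thread.
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\geebc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\jkkli.dll
C:\WINDOWS\system32\jkkli.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\ssqpq.dll Has been deleted!
"""
HIJACKTHIS_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FB63E52-4D6E-48C1-A08F-F630FE50F337} - C:\WINDOWS\system32\mljihfe.dll
O2 - BHO: (no name) - {80781C9F-8B82-4AD9-860B-17A87421A9BA} - C:\WINDOWS\system32\geebc.dll (file missing)
O2 - BHO: (no name) - {BBBA4559-3167-4289-AD1A-AD95C6127DB4} - C:\WINDOWS\system32\jkkli.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: mljihfe - C:\WINDOWS\SYSTEM32\mljihfe.dll
"""

# Result lines start with the path; "Attempting to delete ..." lines are skipped.
VF_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$",
    re.M)
# O2 lines carry a CLSID between name and path, O20 lines do not.
HJT_RE = re.compile(
    r"^(?P<sec>O2|O20) - (?:BHO|Winlogon Notify): (?P<name>.*?) - "
    r"(?:\{[0-9A-Fa-f-]+\} - )?(?P<path>.+?)(?P<missing> \(file missing\))?$",
    re.M)

def vundofix_results(log):
    """Map lowercase DLL name -> True if the last attempt deleted it.
    A later retry overrides an earlier 'Could not be deleted.'"""
    status = {}
    for m in VF_RE.finditer(log):
        status[basename(m["path"]).lower()] = m["res"].startswith("Has been")
    return status

def triage(hjt_log, vf_log):
    """Split O2/O20 entries into leftovers of removed files and entries to review."""
    removed = vundofix_results(vf_log)
    by_dll = {}
    for m in HJT_RE.finditer(hjt_log):
        dll = basename(m["path"]).lower()
        by_dll.setdefault(dll, []).append((m["sec"], bool(m["missing"])))
    orphaned, review = [], []
    for dll, refs in sorted(by_dll.items()):
        sections = {sec for sec, _ in refs}
        if any(gone for _, gone in refs) or removed.get(dll):
            orphaned.append(dll)   # registry entry outlived the deleted file
        elif sections == {"O2", "O20"}:
            review.append(dll)     # assumed heuristic: loaded by browser and at logon
    return {"orphaned": orphaned, "review": review}

if __name__ == "__main__":
    print(triage(HIJACKTHIS_LOG, VUNDOFIX_LOG))
```

Entries in `orphaned` are registry references to files already gone; entries in `review` are files still on disk that none of the posted VundoFix runs listed.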