[Fixed] Hijackthis! Logs - Expert Needed- Hijack This Log- Help Needed, Looks like foreign language (posted in the Security & Safety forums)

01-24-2008
Bronze Member
Join Date: Jan 2008
Posts: 20
PC Experience: Beginner
Re: Expert Needed- Hijack This Log- Help Needed, Looks like foreign language
Ok, I ran the VundoFix program about 2 or 3 times and after the last time I ran it, it came up with no problems or infections. Below are the results from the Bitdefender scan & the Hijack Log. However this time when I scanned with the Hijack Log, it was finished in less than a minute. The last time, it took about 5 or 10 minutes to scan the whole system. Let me know if another Hijack Scan is needed. It seems that every time I connect to the internet I have more trojans and such. The problem is that the programs delete what they find, but it keeps coming back almost like it's never-ending. Well thanks for taking the time to read it and if you can solve my problem, I would be so grateful to you. My last resort is to start completely fresh with the whole system.
BitDefender Online Scanner
Scan report generated at: Thu, Jan 24, 2008 - 00:43:50
Scan path: C:\ :\;
Statistics
Time: 01:59:16
Files: 270358
Folders: 7665
Boot Sectors: 2
Archives: 9167
Packed Files: 14581
Results
Identified Viruses: 13
Infected Files: 34
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 34
Engines Info
Virus Definitions: 976769
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File / Status
C:\Documents and Settings\Dana Daniel\Local Settings\Temp\DC4.tmp=>(NSIS o)=>zlib_nsis0001
Detected with: Adware.Purityscan.BH
C:\Documents and Settings\Dana Daniel\Local Settings\Temp\DC4.tmp=>(NSIS o)=>zlib_nsis0001
Disinfection failed
C:\Documents and Settings\Dana Daniel\Local Settings\Temp\DC4.tmp=>(NSIS o)=>zlib_nsis0001
Deleted
C:\Documents and Settings\Dana Daniel\Local Settings\Temp\DC4.tmp=>(NSIS o)
Update failed
C:\Documents and Settings\Dana Daniel\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXM74LIZ\popup[1].htm
Infected with: Trojan.Clicker.CM
C:\Documents and Settings\Dana Daniel\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXM74LIZ\popup[1].htm
Disinfection failed
C:\Documents and Settings\Dana Daniel\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXM74LIZ\popup[1].htm
Deleted
C:\Documents and Settings\Dana Daniel\Local Settings\Temporary Internet Files\Content.IE5\36G7NP4P\m3[1]
Infected with: Trojan.Vundo.DWS
C:\Documents and Settings\Dana Daniel\Local Settings\Temporary Internet Files\Content.IE5\36G7NP4P\m3[1]
Deleted
C:\Program Files\HPQ\Default Settings\CpqsetVer.exe
Infected with: Backdoor.Agent.AHJ
C:\Program Files\HPQ\Default Settings\CpqsetVer.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP707\A0118964.exe
Detected with: Adware.CFD
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP707\A0118964.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP707\A0122289.exe
Infected with: Trojan.Fotomoto.H
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP707\A0122289.exe
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP707\A0122289.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP708\A0123291.dll
Infected with: Trojan.Vundo.DRT
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP708\A0123291.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP708\A0123292.exe
Infected with: Trojan.Fotomoto.H
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP708\A0123292.exe
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP708\A0123292.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP724\A0131416.exe
Infected with: Trojan.Fotomoto.H
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP724\A0131416.exe
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP724\A0131416.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP725\A0133433.exe
Infected with: Generic.Sdbot.8F4CC857
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP725\A0133433.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133707.dll
Infected with: Trojan.Vundo.DVD
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133707.dll
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133707.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133721.exe
Detected with: Adware.Purityscan.BH
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133721.exe
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133721.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133722.dll
Infected with: Trojan.Vundo.DSJ
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133722.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133723.exe
Infected with: Trojan.Fotomoto.H
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133723.exe
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133723.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133724.dll
Infected with: Trojan.Vundo.DWS
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133724.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133725.exe
Infected with: Trojan.Fotomoto.H
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133725.exe
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133725.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133728.dll
Infected with: Trojan.Vundo.DSJ
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133728.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133729.dll
Infected with: Trojan.Vundo.DVC
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133729.dll
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133729.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133730.dll
Infected with: Trojan.Vundo.DVC
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133730.dll
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133730.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133731.dll
Infected with: Trojan.Vundo.DVC
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133731.dll
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133731.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133732.dll
Infected with: Trojan.Vundo.DUP
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133732.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133733.dll
Infected with: Trojan.Vundo.DVC
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133733.dll
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133733.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133734.exe
Infected with: Trojan.Fotomoto.H
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133734.exe
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133734.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133735.exe
Infected with: Trojan.Fotomoto.H
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133735.exe
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133735.exe
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133736.dll
Infected with: Trojan.Vundo.DUP
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133736.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133737.dll
Infected with: Trojan.Virtumonde.IO
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133737.dll
Disinfection failed
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133737.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133738.dll
Infected with: Trojan.Vundo.DRT
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP726\A0133738.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP730\A0133878.dll
Infected with: Trojan.Vundo.DWS
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP730\A0133878.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP730\A0133879.dll
Infected with: Trojan.Vundo.DWS
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP730\A0133879.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP730\A0133880.dll
Infected with: Trojan.Vundo.DWS
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP730\A0133880.dll
Deleted
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP730\A0133898.exe
Infected with: Backdoor.Agent.AHJ
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP730\A0133898.exe
Deleted
C:\VundoFix Backups\hwljllug.dll.bad
Infected with: Trojan.Vundo.DWS
C:\VundoFix Backups\hwljllug.dll.bad
Deleted
C:\VundoFix Backups\qmihtlet.dll.bad
Infected with: Trojan.Vundo.DWS
C:\VundoFix Backups\qmihtlet.dll.bad
Deleted
C:\VundoFix Backups\uvntoilj.dll.bad
Infected with: Trojan.Vundo.DWS
C:\VundoFix Backups\uvntoilj.dll.bad
Deleted
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:47 PM, on 1/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1128027211\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128027211\ee\AOLServiceHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1128027211\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1128027211\ee\AOLServiceHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://register.hp.com/servlet/WebR...=EN&prodOS=012
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O1 - Hosts: 17.250.248.77 idisk0.mac.com idisk1.mac.com idisk2.mac.com idisk3.mac.com idisk4.mac.com idisk5.mac.com idisk6.mac.com idisk7.mac.com idisk8.mac.com idisk9.mac.com idisk10.mac.com idisk11.mac.com idisk12.mac.com idisk13.mac.com idisk14.mac.com idisk15.mac.com idisk16.mac.com idisk17.mac.com idisk18.mac.com idisk19.mac.com idisk20.mac.com idisk21.mac.com idisk22.mac.com idisk23.mac.com idisk24.mac.com idisk25.mac.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {fcee175b-a31b-1d6b-0cc4-f1228107a081} - {180a7018-221f-4cc0-b6d1-b13ab571eecf} - C:\WINDOWS\system32\kurlvovi.dll (file missing)
O2 - BHO: (no name) - {37F5A4DA-9360-4C86-AC47-4A6480D060BD} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128027211\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: tuvutqq - tuvutqq.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--
End of file - 9128 bytes

01-25-2008
Senior Security Analyst
Join Date: Dec 2006
Location: In a van, down by the river
Posts: 548
PC Experience: Experienced
Re: Expert Needed- Hijack This Log- Help Needed, Looks like foreign language
Why did you run VundoFix more than once????
I still would like to see the logs - even when they do not find anything. There is other useful information in the logs at times.
I understand your problem; that is why I need you to follow my directions so we can fix it. I will be able to instruct you on how to remove the infections but, as I stated, you need to follow my instructions.
Please post the VundoFix log(s) so I can determine the next step.
Thanks.

01-26-2008
Bronze Member
Join Date: Jan 2008
Posts: 20
PC Experience: Beginner
Re: Expert Needed- Hijack This Log- Help Needed, Looks like foreign language
I followed your directions almost to the T. When I say I ran the Vundo program more than once, I mean I followed the *Note* because there were still files on it. What if nothing comes up on the Vundo, then how do I post a log? I didn't know where to find the log, if it showed no files.

01-26-2008
Senior Security Analyst
Join Date: Dec 2006
Location: In a van, down by the river
Posts: 548
PC Experience: Experienced
Re: Expert Needed- Hijack This Log- Help Needed, Looks like foreign language
As stated in the directions:
* Please post the contents of C:\vundofix.txt.
I would like to clarify this:
According to the NOTE, VundoFix would run on reboot if there were still files found. It does not ask you to run it again. Did you run it again yourself or did it run on its own?
__________________
Steve
Last edited by dahli; 01-26-2008 at 07:17 AM.

01-26-2008
Bronze Member
Join Date: Jan 2008
Posts: 20
PC Experience: Beginner
Re: Expert Needed- Hijack This Log- Help Needed, Looks like foreign language
Please don't get frustrated with me, I am honestly trying to do everything you suggest. It scanned everything and then the computer went blank except for the Vundo program, and then the computer restarted. I don't know how to post the contents of Vundo. When it scanned it pulled up a lot of files and then I clicked YES to remove the contents. Then there were no more files. Please tell me where to find the Vundo text that you are looking for. Thanks.

01-26-2008
Bronze Member
Join Date: Jan 2008
Posts: 20
PC Experience: Beginner
Re: Expert Needed- Hijack This Log- Help Needed, Looks like foreign language
I just have a quick question: some of the XP programs, for example, being able to put the volume control button on the lower right hand corner, are not working. It will not let me choose that option and says I need to get the volume control button. My question is do you think it is because of all the viruses and trojans? Also, can I download it from the XP site?