Hi Chiaz
Thats me done what you asked, thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:08, on 25/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Andrew\AppData\Local\Temp\byXNfDUo.dll,#1
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKCU\..\Run: [BM77f2397b] Rundll32.exe "C:\Users\Andrew\AppData\Local\Temp\ohhemiaj.dll", s
O4 - HKCU\..\Run: [74c10ae7] rundll32.exe "C:\Users\Andrew\AppData\Local\Temp\fqljivii.dll", b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 4579 bytes#
Yours Robbie
 |
 |
 |
 |
|
|||||||
| [Pending] HJT Logs - AgentA and Vundo posted in the Security & Safety forums; Hi Chiaz Thats me done what you asked, thanks. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:47:08, on 25/04/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer ... |
|
04-25-2008
|
#15 |
|
Bronze Member
 Join Date: Apr 2008
Posts: 44 PC Experience: Hardware more than software
|
Re: AgentA and Vundo
|
|
|
| Advertisement - Register to Remove | |
|
|
04-25-2008
|
#16 |
|
Bronze Member
Join Date: Apr 2008
Posts: 44 PC Experience: Hardware more than software
|
Re: AgentA and Vundo
Hi
 Dont know if this will help but it has just started happening on startup . Error loading C:\Users\Andrew\Appdata\Local\Temp\fqljivii.dll The Specified module could not be found Error loading C:\Users\Andrew\Appdata\Local\Temp\ohhemiaj.dll The specified module could not be found Yours Robbie |
|
|
|
|
04-28-2008
|
#17 |
|
Senior Security Analyst
 
Join Date: Jun 2006
Location: Singapore
Posts: 5,176 PC Experience: PC Guru
|
Re: AgentA and Vundo
Please boot to Safe Mode by following the instructions here:
PC Hell: How to Start Windows in Safe Mode Once you're in Safe Mode, run HijackThis now and place a checkmark by the following entries: O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Andrew\AppData\Local\Temp\byXNfDUo.dll,#1 O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART O4 - HKCU\..\Run: [BM77f2397b] Rundll32.exe "C:\Users\Andrew\AppData\Local\Temp\ohhemiaj.d ll", s O4 - HKCU\..\Run: [74c10ae7] rundll32.exe "C:\Users\Andrew\AppData\Local\Temp\fqljivii.d ll", b O13 - Gopher Prefix: Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and reboot the computer. Now run a new scan with HijackThis and post the new log in your reply. Also tell me if you are still getting those errors. |
|
|
|
|
04-02-2009
|
#18 |
|
Tech Support Team
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things
|
Re: AgentA and Vundo
Hello,
This thread has been moved into the Unfinished HJT forum due to inactivity. Please follow the procedure at the top of the forum if you still require assistance Regards, Crush PCHF Security Team Leader
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this |
|
|
|
|
| Bookmarks |
| Tags |
| agenta, Pending:, vundo |
Similar discussions...
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Vundo 11 Please help | cocotinker | [Fixed] Hijackthis! Logs | 7 | 04-13-2009 12:02 AM |
| Pending: Got Vundo | nick7272 | [Pending] HJT Logs | 2 | 04-02-2009 11:35 PM |
| Fixed: Vundo: Is it really gone? | bivegan | [Fixed] Hijackthis! Logs | 2 | 05-28-2008 01:44 AM |
| Fixed: Got hit with vundo..... | D__ | [Fixed] Hijackthis! Logs | 4 | 05-20-2008 03:38 PM |
| Help with Vundo | Spliefer | Anti-Virus | 3 | 03-12-2008 03:11 AM |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
