04-28-2007, 10:41 PM   #1 (permalink)
enigm@tic

Urgent Help!!

I have some bad virus through MSN. I haven't had time to check if this problem has already been resolved on the board because the computer can stuff up at any moment with winlogon.exe application error "0x7c8ed9c". I tried deleting the virus through my antivirus but it keeps coming back. Virtumonde.iu or something, it always appears as 4 infections. Can't afford to lose all this info on my HD through a reformat over a virus if I can delete it. Here is a copy of my HijackThis log. Please help!!!


EDIT - It won't let me post the HijackThis log (exceeds limit), and when I try to add the txt doc it says invalid file. If you already know how to delete Virtumonde please reply.

By the way I use AVG free antivirus and Zone Alarm security suite.

Last edited by enigm@tic; 04-28-2007 at 10:54 PM.

04-28-2007, 11:11 PM   #2 (permalink)
eyeCpc

Re: Urgent Help!!

There's no log seen here. Apparently that wasn't posted. The description on the Virtumonde.ui was briefly put as Home / Viruses / Virus Encyclopedia
not-a-virus:AdWare.Win32.Virtumonde.iu as seen at Viruslist.com - not-a-virus:AdWare.Win32.Virtumonde.iu

04-28-2007, 11:33 PM   #3 (permalink)
enigm@tic

Re: Urgent Help!!

I just found this: "How do I remove the Virtumonde virus when I cant find it?" and downloaded the VirtumondebeGone.exe. Here's the log from it:


[04/29/2007, 13:21:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ivan\Local Settings\Temporary Internet Files\Content.IE5\UJHQN4RI\VirtumundoBeGone[1].exe" )
[04/29/2007, 13:22:41] - Detected System Information:
[04/29/2007, 13:22:41] - Windows Version: 5.1.2600, Service Pack 2
[04/29/2007, 13:22:41] - Current Username: Ivan (Admin)
[04/29/2007, 13:22:41] - Windows is in NORMAL mode.
[04/29/2007, 13:22:41] - Searching for Browser Helper Objects:
[04/29/2007, 13:22:41] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/29/2007, 13:22:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/29/2007, 13:22:41] - BHO 3: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[04/29/2007, 13:22:41] - BHO 4: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[04/29/2007, 13:22:41] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/29/2007, 13:22:41] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/29/2007, 13:22:41] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/29/2007, 13:22:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 13:22:41] - No filename found. Continuing.
[04/29/2007, 13:22:41] - BHO 8: {A2E49E61-7F19-4337-8620-60FF0538866B} ()
[04/29/2007, 13:22:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 13:22:41] - Checking for HKLM\...\Winlogon\Notify\mljigec
[04/29/2007, 13:22:41] - Found: HKLM\...\Winlogon\Notify\mljigec - This is probably Virtumundo.
[04/29/2007, 13:22:41] - Assigning {A2E49E61-7F19-4337-8620-60FF0538866B} MSEvents Object
[04/29/2007, 13:22:41] - BHO list has been changed! Starting over...
[04/29/2007, 13:22:41] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/29/2007, 13:22:41] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/29/2007, 13:22:41] - BHO 3: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[04/29/2007, 13:22:41] - BHO 4: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[04/29/2007, 13:22:41] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/29/2007, 13:22:41] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/29/2007, 13:22:41] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/29/2007, 13:22:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 13:22:41] - No filename found. Continuing.
[04/29/2007, 13:22:41] - BHO 8: {A2E49E61-7F19-4337-8620-60FF0538866B} (MSEvents Object)
[04/29/2007, 13:22:41] - ALERT: Found MSEvents Object!
[04/29/2007, 13:22:41] - BHO 9: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/29/2007, 13:22:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 13:22:41] - Checking for HKLM\...\Winlogon\Notify\fwninixh
[04/29/2007, 13:22:41] - Key not found: HKLM\...\Winlogon\Notify\fwninixh, continuing.
[04/29/2007, 13:22:41] - Finished Searching Browser Helper Objects
[04/29/2007, 13:22:41] - *** Detected MSEvents Object
[04/29/2007, 13:22:41] - Trying to remove MSEvents Object...
[04/29/2007, 13:22:42] - Terminating Process: IEXPLORE.EXE
[04/29/2007, 13:22:42] - Terminating Process: RUNDLL32.EXE
[04/29/2007, 13:22:44] - Disabling Automatic Shell Restart
[04/29/2007, 13:22:44] - Terminating Process: EXPLORER.EXE
[04/29/2007, 13:22:46] - Suspending the NT Session Manager System Service
[04/29/2007, 13:22:46] - Terminating Windows NT Logon/Logoff Manager
[04/29/2007, 13:22:46] - Re-enabling Automatic Shell Restart
[04/29/2007, 13:22:46] - File to disable: C:\WINDOWS\system32\mljigec.dll
[04/29/2007, 13:22:46] - Renaming C:\WINDOWS\system32\mljigec.dll -> C:\WINDOWS\system32\mljigec.dll.vir
[04/29/2007, 13:22:46] - File successfully renamed!
[04/29/2007, 13:22:46] - Removing HKLM\...\Browser Helper Objects\{A2E49E61-7F19-4337-8620-60FF0538866B}
[04/29/2007, 13:22:46] - Removing HKCR\CLSID\{A2E49E61-7F19-4337-8620-60FF0538866B}
[04/29/2007, 13:22:46] - Adding Kill Bit for ActiveX for GUID: {A2E49E61-7F19-4337-8620-60FF0538866B}
[04/29/2007, 13:22:46] - Deleting ATLEvents/MSEvents Registry entries
[04/29/2007, 13:22:46] - Removing HKLM\...\Winlogon\Notify\mljigec
[04/29/2007, 13:22:46] - Searching for Browser Helper Objects:
[04/29/2007, 13:22:46] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/29/2007, 13:22:46] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/29/2007, 13:22:46] - BHO 3: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[04/29/2007, 13:22:46] - BHO 4: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[04/29/2007, 13:22:46] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/29/2007, 13:22:46] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/29/2007, 13:22:46] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/29/2007, 13:22:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 13:22:46] - No filename found. Continuing.
[04/29/2007, 13:22:46] - BHO 8: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/29/2007, 13:22:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 13:22:46] - Checking for HKLM\...\Winlogon\Notify\fwninixh
[04/29/2007, 13:22:46] - Key not found: HKLM\...\Winlogon\Notify\fwninixh, continuing.
[04/29/2007, 13:22:46] - Finished Searching Browser Helper Objects
[04/29/2007, 13:22:46] - Finishing up...
[04/29/2007, 13:22:46] - A restart is needed.
[04/29/2007, 13:22:46] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[04/29/2007, 13:22:55] - Attempting to Restart via STOP error (Blue Screen!)

04-28-2007, 11:36 PM   #4 (permalink)
enigm@tic

Re: Urgent Help!!

On restart I had a DLL error and then a Windows Explorer error, then my Zone Alarm detected the virus again. Here's a screenshot.

04-28-2007, 11:52 PM   #5 (permalink)
enigm@tic

Re: Urgent Help!!

After deleting it through Zone Alarm again I ran the VBG and here's the log:


[04/29/2007, 13:50:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Ivan\My Documents\VirtumundoBeGone.exe" )
[04/29/2007, 13:50:33] - Detected System Information:
[04/29/2007, 13:50:33] - Windows Version: 5.1.2600, Service Pack 2
[04/29/2007, 13:50:33] - Current Username: Ivan (Admin)
[04/29/2007, 13:50:33] - Windows is in NORMAL mode.
[04/29/2007, 13:50:33] - Searching for Browser Helper Objects:
[04/29/2007, 13:50:33] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/29/2007, 13:50:33] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/29/2007, 13:50:33] - BHO 3: {45AD732C-2CE2-4666-B366-B2214AD57A49} (Idea2 SidebarBrowserMonitor Class)
[04/29/2007, 13:50:33] - BHO 4: {6A87B991-A31F-4130-AE72-6D0C294BF082} (DealioBHO Class)
[04/29/2007, 13:50:33] - BHO 5: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/29/2007, 13:50:33] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/29/2007, 13:50:33] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/29/2007, 13:50:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 13:50:33] - No filename found. Continuing.
[04/29/2007, 13:50:33] - BHO 8: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[04/29/2007, 13:50:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/29/2007, 13:50:33] - Checking for HKLM\...\Winlogon\Notify\fwninixh
[04/29/2007, 13:50:33] - Key not found: HKLM\...\Winlogon\Notify\fwninixh, continuing.
[04/29/2007, 13:50:33] - Finished Searching Browser Helper Objects
[04/29/2007, 13:50:33] - Finishing up...
[04/29/2007, 13:50:33] - Nothing found! Exiting...



Seems to be clear for now... I hope it doesn't come back on restart.

04-29-2007, 12:05 AM   #6 (permalink)
enigm@tic

Re: Urgent Help!!

Here's a screenshot of the RUNDLL error on startup.

04-29-2007, 03:26 AM   #7 (permalink)
enigm@tic

Re: Urgent Help!!

It's back again and VGB won't detect it, and its directory I tried to check doesn't exist.

Although the RUNDLL error on startup I managed to get rid of. I believe I'm halfway there to getting rid of it, I need some more help on this!

04-29-2007, 03:41 AM   #8 (permalink)
enigm@tic

Re: Urgent Help!!

This just keeps getting better... new outbreak of some ****ed up ****, here's a shot... I'll post the HijackThis log next.

04-29-2007, 03:43 AM   #9 (permalink)
enigm@tic

Re: Urgent Help!!

Logfile of HijackThis v1.99.1
Scan saved at 5:42:16 PM, on 29/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\MGE\RunSC.exe
C:\WINDOWS\system32\MGE\PCtl.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\MGE\BIL.EXE
C:\WINDOWS\system32\MGE\CILUSB.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (value not set) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (value not set) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (value not set) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (value not set) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb102\Dealio.dll
O2 - BHO: (value not set) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (value not set) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (value not set) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (value not set) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb102\Dealio.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\\RegistryController.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb102\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb102\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

04-29-2007, 03:44 AM   #10 (permalink)
enigm@tic

Re: Urgent Help!!

O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1160467169156
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{015CA84B-F3C9-428A-A0DD-A4F47B3838D7}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{015CA84B-F3C9-428A-A0DD-A4F47B3838D7}: NameServer = 10.0.0.138
O17 - HKLM\System\CS2\Services\Tcpip\..\{015CA84B-F3C9-428A-A0DD-A4F47B3838D7}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINDOWS\system32\MGE\RunSC.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
enigm@tic is offline  
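
A triage sketch for the HijackThis log posted above, added here as an example and not part of the original thread or of HijackThis or VirtumundoBeGone. It flags BHO CLSIDs with no file on disk, services whose file is missing, and any DLL registered both as a BHO and as a Winlogon Notify package, which is the pairing the VirtumundoBeGone log reports. The function name `triage`, the rule names and the two `mljigec` sample lines are assumptions; those two lines are rebuilt from the CLSID and DLL path in that log.

```python
import re

# Constructed sample. The two lines naming mljigec.dll are constructed from the
# CLSID and path in the VirtumundoBeGone log (the pre-cleanup state); every
# other line is copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (value not set) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (value not set) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (value not set) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - (no file)
O2 - BHO: (value not set) - {A2E49E61-7F19-4337-8620-60FF0538866B} - C:\WINDOWS\system32\mljigec.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: mljigec - C:\WINDOWS\system32\mljigec.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing)
"""

BHO_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - .+? - (.+)$")


def triage(log_text):
    """Return (severity, rule, subject) tuples for entries worth a second look."""
    bhos = []          # (CLSID, target) for every O2 line
    notify_dlls = {}   # lower-cased DLL path -> Winlogon Notify subkey name
    findings = []

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            bhos.append((m.group(1).upper(), m.group(2)))
        elif m := NOTIFY_RE.match(line):
            notify_dlls[m.group(2).lower()] = m.group(1)
        elif (m := SERVICE_RE.match(line)) and line.endswith("(file missing)"):
            # Service registration survives but its binary is gone.
            findings.append(("review", "service-file-missing", m.group(1)))

    # Cross-reference after the whole log is read: O20 lines follow O2 lines.
    for clsid, target in bhos:
        if target == "(no file)":
            # Registry entry left behind with no DLL on disk.
            findings.append(("review", "orphaned-bho", clsid))
        elif target.lower() in notify_dlls:
            # Same DLL loads into the browser and into winlogon.exe.
            findings.append(("high", "bho-is-winlogon-notify", clsid))
    return findings


if __name__ == "__main__":
    for severity, rule, subject in triage(SAMPLE_LOG):
        print(f"{severity:6} {rule:24} {subject}")
```

The orphaned-BHO rule matches the two `(no file)` CLSIDs that remain in the posted log after cleanup; they are leftovers to review, not proof of an active infection.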
 