Computers| Computers |
|
11-19-2004, 01:45 AM
| #1 (permalink) |
| Newb Techie Join Date: Jul 2004
Posts: 24
|  Hijack log (please help) Hi, my pc is running real slow and when I try to shut it off I get an error message, I have read my Hijack log and there are some files i'm not sure what are they like keyodbc.exe and cbdoyek.dat, please tell me =( Logfile of HijackThis v1.98.2 Scan saved at 06:38:03 PM, on 19/11/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AVPersonal\AVGNT.EXE C:\WINDOWS\sm56hlpr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\AppPatch\keyodbc.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\HJT\HijackThis.exe O2 - BHO: CATLEvents Object - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - C:\DOCUME~1\Rosyline\LOCALS~1\Temp\cbdoyek.dat O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {D6964FD8-3AF1-4A2A-ABB7-3D0C62924FD6} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [*keyodbc] C:\WINDOWS\AppPatch\keyodbc.exe O4 - HKLM\..\RunOnce: [*keyodbc] C:\WINDOWS\AppPatch\keyodbc.exe rerun O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1025\OLFSNT40.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe |
|
|
11-19-2004, 10:25 AM
| #2 (permalink) |
| Junior Techie Join Date: Sep 2004
Posts: 97
 |  Check and fix the following : O2 - BHO: CATLEvents Object - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - C:\DOCUME~1\Rosyline\LOCALS~1\Temp\cbdoyek.dat O4 - HKLM\..\RunOnce: [*keyodbc] C:\WINDOWS\AppPatch\keyodbc.exe rerun O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [*keyodbc] C:\WINDOWS\AppPatch\keyodbc.exe O2 - BHO: (no name) - {D6964FD8-3AF1-4A2A-ABB7-3D0C62924FD6} - (no file) Go and read my post in the main virus detection and removal area and follow the directions.
__________________ -Download wead antivirus today using your brain!- |
|
|
|
12-01-2004, 11:39 AM
| #3 (permalink) |
| Newb Techie Join Date: Dec 2004
Posts: 1
| I saw a fix for this here: How to remove Virtumonde Stopguard CATLEvents Trojan.Vundo Hope this helps |
|
|
|
01-24-2005, 02:48 PM
| #4 (permalink) |
| Monster Techie Join Date: Nov 2004
Posts: 1,346
 | Closing thread due to lack of activity. Liz
__________________ Priority Computers | AdAware SE | SpyBot-Search & Destroy | SpywareBlaster | SpywareGuard | HijackThis | Stealing is illegal Powered by Emily!  |
|
|
Linear Mode
