Hi, My PC seems to have trojan downloader and trojan vundo. I have tried following other threads and various removal programs but seem to be going around and around in circles! Im not the most knowledgeable pc user in the world so i havent tried going into safe mode or anything like that or fixing anything in Hijackthis because i am aware that if you dont know what you are doing you could do more damage than good. However I have tried vundofix and AVG 8.0, Trojan remover, xsoft, and other common recomendations out there. These all run and say that the pc has no infections but then windows defender pops up saying it has detected it again! I did originally have norton running on the pc but the trojans seem to have come in regaurdless. I havent had then all running at the sametime, each time i have uninstalled the previous on before starting the next because i am aware that having more than one running can allow things to slip through. I have included a hijackthis log. Please please help, this is driving me crazy!! Thanx Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:37:36, on 01/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DNA\btdna.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\NETGEAR\WG111T\wlan111t.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=4945 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [MFESuiteSetup] F:\APPLIC~2\McAfee\setup.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178028262296 O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8737 bytes
Hey RandiM Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required. Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop. Configuring Malwarebytes • Click on the tab Settings. • Make sure only these boxes are checked: Code: Terminate Internet Explorer Automatically save and display logfile after removal Always scan memory objects Always scan registry objects Always scan filesystem Always scan extra and heuristics objects Updating Malwarebytes • Click on the tab Update. • Press the button Check for Updates • Wait for Malwarebytes to be fully updated. Scanning Time • Click on the tab Scanner. • Check Perform full scan and click on Scan • Wait for the scan to complete, and then click on Show Results. • Make sure all items are checked, then click on Remove Selected. **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately. Post A Log • A text box will pop up after the removal process is over. Post the contents of the text here. • If no text box pops up, launch Malwarebytes, and click on the tab Logs. • The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open. • Post the log here. Best Regards
Thanx for your response, i am printing off and following your instructions now. I will post the log as soon as im done. Thanx RandiM
Hi, I have downloaded and installed the malwarebytes and followed your instructions. This downloaded and installed fine, however it wouldnt allow me to check for updates. It said that the firewall wouldnt allow it, I added this to my excetions list for the firewall and it still wouldnt allow it. I then turned off teh firewall protection altogether but still this didnt work. I have ran diagnose connection problems in the internet tools menu and it keeps coming up with the following message. Im not sure what this means or what im meant to do? Is this connected to the trojan problems? So i ran the malwarebytes scan without the updates and it produced the following log file. (but this is without checking for updates) Malwarebytes' Anti-Malware 1.30 Database version: 1306 Windows 5.1.2600 Service Pack 3 03/12/2008 00:36:30 mbam-log-2008-12-03 (00-36-30).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|) Objects scanned: 188432 Time elapsed: 53 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 4 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM4fee2e20.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM4fee2e20.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\HP_Owner\results.txt (Malware.Trace) -> Quarantined and deleted successfully. Thanx RandiM
Hey RandiM Sounds like the malware's blocking Malwarebytes from updating... we'll have to use another tool. Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Save it to your Desktop. Please disable all security programs, such as antiviruses, antispywares, and firewalls. • Run Combo-Fix.exe and follow the prompts. • Accept the End-User License Agreement. • Allow the Recovery Console to be installed. • When you see the window below, click on Yes. • When the Recovery Console has been installed, click on Yes to start the scan. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. • Wait for the scan to be fully completed. • If it requires a reboot, please do so. • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt) Do not click on the ComoboFix window, as it may cause it to stall. Best Regards
Hi, I have followed your instructions and ran combofix and it produced the following log: ComboFix 08-12-02.02 - HP_Owner 2008-12-03 20:58:43.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.205 [GMT 0:00] Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\cpnwxgfd.ini c:\windows\system32\dljklmxj.ini c:\windows\system32\dohieqix.ini c:\windows\system32\GMonVyay.ini c:\windows\system32\GMonVyay.ini2 c:\windows\system32\gPAHOXbc.ini c:\windows\system32\gPAHOXbc.ini2 c:\windows\system32\kydqftsn.ini c:\windows\system32\mrwqadgu.ini c:\windows\system32\psdjweej.ini c:\windows\system32\qdswxbxi.ini c:\windows\system32\tdxptecr.ini c:\windows\system32\unbgwwql.ini c:\windows\system32\utmprtem.ini c:\windows\system32\vqoqphqb.ini c:\windows\system32\wtcqweho.ini D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 ))))))))))))))))))))))))))))))) . 2008-12-02 23:17 . 2008-12-02 23:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-02 23:17 . 2008-12-02 23:17 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Malwarebytes 2008-12-02 23:17 . 2008-12-02 23:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-02 23:17 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-02 23:17 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-30 19:49 . 2008-11-30 19:49 <DIR> d-------- c:\windows\system32\scripting 2008-11-30 19:49 . 2008-11-30 19:49 <DIR> d-------- c:\windows\system32\bits 2008-11-30 19:49 . 2008-11-30 19:49 <DIR> d-------- c:\windows\l2schemas 2008-11-30 19:43 . 2008-11-30 19:50 <DIR> d-------- c:\windows\ServicePackFiles 2008-11-30 19:26 . 2008-11-30 19:26 <DIR> d-------- C:\VundoFix Backups 2008-11-30 19:24 . 2008-11-30 19:24 <DIR> d-------- c:\windows\EHome 2008-11-29 17:36 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll 2008-11-29 16:20 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys 2008-11-29 16:19 . 2008-04-14 00:11 1,888,992 --------- c:\windows\system32\ati3duag.dll 2008-11-29 16:03 . 2008-09-08 10:41 333,824 --------- c:\windows\system32\dllcache\srv.sys 2008-11-29 16:03 . 2008-08-14 10:04 138,496 --------- c:\windows\system32\dllcache\afd.sys 2008-11-29 16:02 . 2008-08-14 10:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe 2008-11-29 16:02 . 2008-08-14 10:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-11-29 16:02 . 2008-08-14 09:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-11-29 16:02 . 2008-08-14 09:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe 2008-11-29 16:02 . 2008-09-15 12:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys 2008-11-29 16:01 . 2008-04-11 19:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll 2008-11-29 16:01 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-29 16:00 . 2008-10-15 16:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll 2008-11-28 22:39 . 2008-06-13 11:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys 2008-11-28 22:39 . 2008-05-08 14:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys 2008-11-19 11:47 . 2008-11-19 13:33 <DIR> d-------- c:\documents and settings\joanne\Application Data\BitTorrent 2008-11-05 01:30 . 2008-11-29 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS 2008-11-05 01:29 . 2008-11-29 17:35 <DIR> d-------- c:\program files\NOS 2008-11-04 19:28 . 2008-11-04 19:28 <DIR> d-------- c:\program files\Bonjour . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-03 21:00 --------- d-----w c:\documents and settings\HP_Owner\Application Data\DNA 2008-12-03 20:44 --------- d-----w c:\documents and settings\HP_Owner\Application Data\BitTorrent 2008-12-03 20:40 --------- d-----w c:\program files\DNA 2008-11-30 20:57 --------- d-----w c:\program files\DivX 2008-11-30 20:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-30 19:55 77,824 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\WinVerifyTrust.dll 2008-11-28 22:55 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-11-28 22:08 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Apple Computer 2008-11-14 19:29 --------- d-----w c:\program files\BitTorrent 2008-11-05 23:10 --------- d-----w c:\program files\XoftSpySE 2008-11-05 23:08 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-05 23:06 --------- d-----w c:\program files\Disney Interactive 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll 2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll 2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll 2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll 2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll 2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll 2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll 2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll 2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe 2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll 2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll 2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll 2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll 2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll 2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll 2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe 2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll 2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll 2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll 2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll 2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe 2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll 2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll 2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll 2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll 2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll 2008-05-25 09:03 160 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat 2004-07-22 10:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB 2004-07-19 22:58 1,156,363 ----a-w c:\program files\BDANT.cab 2004-07-19 22:53 976,020 ----a-w c:\program files\BDAXP.cab 2004-07-09 14:17 13,265,040 ----a-w c:\program files\dxnt.cab 2004-07-09 09:13 703,080 ----a-w c:\program files\BDA.cab 2004-07-09 09:13 15,493,481 ----a-w c:\program files\DirectX.cab 2004-07-09 04:08 472,576 ----a-w c:\program files\dxsetup.exe 2004-07-09 04:08 2,242,560 ----a-w c:\program files\dsetup32.dll 2004-07-09 03:03 62,976 ----a-w c:\program files\DSETUP.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NCLaunch"="c:\windows\NCLAUNCH.EXe" [2006-06-04 40960] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-05 68856] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-13 342336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-01-02 180269] "Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-11-05 106496] "WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-11-05 192512] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472] "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136] "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe] "nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe] "SoundMan"="SOUNDMAN.EXE" [2005-02-21 c:\windows\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-02-18 c:\windows\ALCWZRD.EXE] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048] NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-06-07 884840] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= c:\progra~1\ffdshow\ffdshow.ax [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= R3 Cap7134;ASUS TV7134 WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2005-01-02 335360] R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2005-01-02 24544] S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG11TND5.sys [2007-06-07 362944] S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys [] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2007-04-13 17149] *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-12-03 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDetect.exe [] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Boots Insert Detect - c:\program files\Boots F2CD\Picture Suite\InsDetect.exe HKLM-Run-MFESuiteSetup - f:\applic~2\McAfee\setup.exe HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe . ------- Supplementary Scan ------- . FireFox -: Profile - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\79sd00nx.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-03 21:01:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-12-03 21:03:16 ComboFix-quarantined-files.txt 2008-12-03 21:02:54 Pre-Run: 27,509,661,696 bytes free Post-Run: 27,712,036,864 bytes free 221 --- E O F --- 2008-11-30 21:17:25 I havent a clue what any of that means! After following each set of your instructions my pc is speeding up massively. Im also finding the instructions really easy to follow so thank you. I'll wait and see what you think i should do next. Just want to say thanx for your halp so far! Thanx RandiM
Hey RandiM Can Malwarebytes update now? If not, please try using this manual update: http://www.gt500.org/malwarebytes/database.jsp Do another scan and post the log here. Also tell me how your's computer doing now. Best Regards
Hi, The update for malwarebytes went a little further this time, it connected to the internet and went 90% of the way through and then again came up with the same error, saying that i should tyrn off all firewalls (which the already are). So i followed your link and did the manual update, this has now worked (after the 3rd attempt) and the malwarebytes now says that i have the latest versioin of the database. I am running a scan and i will post the log as soon as its complete. Thanx RandiM
Hi, Apologies for not posting the malwarebytes log yesterday but I had a problem posting. I did run malwarebytes and attempt to post the log but it just kept freezing and saying please wait and not progressing anywhere. The log is as follows: Malwarebytes' Anti-Malware 1.31 Database version: 1460 Windows 5.1.2600 Service Pack 3 04/12/2008 22:41:49 mbam-log-2008-12-04 (22-41-49).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|) Objects scanned: 191253 Time elapsed: 46 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) As for an update on my PC; it is more than twice as fast now and running a lot lot better. When using inernet explorer before it would take at least 3 - 4 mins for it to open and after about 3 or 4 pages it would say it was unable to connect to the intenet. Now it opens within a few seconds and i am not having the loss of connection(yesterdays problem posting excluded!) Thanx RandiM
Hi, the hijackthis log file is as follows: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:00:28, on 06/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe C:\Program Files\InterVideo\Common\Bin\WinRemote.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\NETGEAR\WG111T\wlan111t.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=4945 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178028262296 O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 8137 bytes Is it looking clear now? Thanx RandiM
Hi, Thanx so much for your help! What anti virus and spy ware protection would you recommed? I had norton before because it was already put on my pc when i bought it and that was menat to be protecting my pc when i got the trojans! Thanx RandiM
Hey RandiM I would recommend Antivir, Superantispyware, Malwarebytes, Comodo Firewall, and SpywareBlaster. There are other tools you can use too, but these are the most basic. Best Regards
Hi, Thanx I'll try these out. Am I OK to have these all on my pc at once? I have heard before that sometimes it can be a bad thing having too many security packages on at once because they can confuse each other? Is this try or is it told rubbish? Thanx RandiM
hi guys i'm in the sh*t also with a trojan vundo. i know virtually nothing about computers.Is there an easy fix for this virusor should get somebody to help me?
