Help Can't Remove Virtumonde/vundo


  • This topic is locked
3 replies to this topic

#1 nepdude

  • Members
  • 2 posts

Posted 11 September 2007 - 11:02 AM

Hi... I got infected with Virtumonde/Vundo (whatever it is called) and it is so damn hard to remove it. I was scanning with Spybot and it detected Virtumonde. I fixed it with Spybot but the virus seems to still be there. I downloaded the Virtumonde/Vundo fixes (VundoFix, VirtumondeBeGone, the Symantec one) but still the files can't be deleted. Whenever I use the fix from atribune.org it tells me that the file is in use within another process. I checked with the HijackThis process viewer and it seems that winlogon.exe and explorer.exe both seem to be using that dll process (this dll seems to change name). :thumbsup:
Please, somebody help me.

combofix log
-----------------------------------------------------------
ComboFix 07-09-10.6 - "Prasham" 2007-09-11 15:13:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.248 [GMT 5.75:45]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\User\APPLIC~1\install.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\system32\D2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\nwinkmdt.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NPF
-------\DomainService
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.

2007-09-11 13:47 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2007-09-11 13:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-10 22:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-10 12:16 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Zeon
2007-09-09 19:52 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Renegade Minds
2007-09-09 15:55 <DIR> d-------- C:\DOCUME~1\Prasham\APPLIC~1\Renegade Minds
2007-09-09 15:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Renegade Minds
2007-09-09 15:54 <DIR> d-------- C:\DOCUME~1\Prasham\APPLIC~1\Roni Music
2007-09-08 15:21 2,080,668 ---hs---- C:\WINDOWS\system32\hjllm.ini2
2007-09-08 12:33 <DIR> d-------- C:\hijackthis
2007-09-08 12:32 <DIR> d-------- C:\VundoFix Backups
2007-09-07 20:02 14 --a------ C:\DOCUME~1\Prasham\getfile.dat
2007-09-07 11:00 696,145 ---hs---- C:\WINDOWS\system32\hjllm.bak2
2007-09-06 23:00 <DIR> d--hsc--- C:\WINDOWS\RHVyZ2EgT2poYQ
2007-09-06 22:54 244,832 --a------ C:\WINDOWS\system32\mlljh.dll
2007-09-06 22:51 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-09-06 22:51 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-09-06 22:51 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-09-06 22:49 <DIR> d-------- C:\Temp
2007-09-03 13:02 <DIR> d-------- C:\Program Files\The Regex Coach
2007-09-03 13:02 <DIR> d-------- C:\Program Files\Common Files\ChessBase
2007-09-03 13:02 <DIR> d-------- C:\DOCUME~1\Prasham\APPLIC~1\ChessBase
2007-08-31 13:42 <DIR> d-------- C:\mysql
2007-08-29 23:08 <DIR> d-------- C:\DOCUME~1\Prasham\ASPNET
2007-08-25 15:08 <DIR> d-------- C:\Program Files\AGN MSN Meego Installer v1.0
2007-08-25 15:02 <DIR> d-------- C:\Program Files\MSN BackUp
2007-08-19 09:40 <DIR> d-------- C:\Program Files\PuTTY

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 11:48 --------- d-------- C:\DOCUME~1\User\APPLIC~1\Ipswitch
2008-01-13 11:59 --------- d-------- C:\Program Files\LizardTech
2008-01-11 20:48 --------- d-------- C:\Program Files\Video Joiner
2008-01-01 23:38 --------- d-------- C:\Program Files\Chord Pickout
2008-01-01 11:02 --------- d-------- C:\Program Files\Common Files\SWF Studio
2008-01-01 10:59 --------- d-------- C:\Program Files\NCBuy
2007-09-11 15:21 --------- d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\VMware
2007-09-11 15:21 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\VMware
2007-09-11 13:41 --------- d-------- C:\DOCUME~1\Prasham\APPLIC~1\Lavasoft
2007-09-11 13:40 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-06 12:47 --------- d-------- C:\Program Files\eMule
2007-09-03 18:21 --------- d-------- C:\Program Files\WS_FTP
2007-09-03 14:45 --------- d-------- C:\DOCUME~1\Prasham\APPLIC~1\VMware
2007-09-03 14:11 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-03 14:10 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-03 14:10 --------- d-------- C:\DOCUME~1\Prasham\APPLIC~1\SUPERAntiSpyware.com
2007-08-26 08:31 --------- d-------- C:\Program Files\Kawa Pro
2007-08-07 17:26 --------- d-------- C:\Program Files\Fine Metronome
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-03 18:48 --------- d-------- C:\DOCUME~1\Prasham\APPLIC~1\Tor
2007-08-01 16:37 --------- d-------- C:\Program Files\Say the Time
2007-08-01 15:10 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-21 19:30 --------- d-------- C:\Program Files\Creative
2007-07-21 19:29 --------- d-------- C:\Program Files\DAP
2007-07-21 08:47 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-21 08:46 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-20 22:55 --------- d-------- C:\Program Files\Symantec
2007-07-20 22:34 --------- d-------- C:\Program Files\themexp
2007-07-17 21:51 --------- d-------- C:\Program Files\MSN Messenger
2007-07-17 21:45 --------- d-------- C:\DOCUME~1\User\APPLIC~1\SUPERAntiSpyware.com
2007-07-17 18:12 --------- d-------- C:\Program Files\Morpheus
2007-07-17 15:54 --------- d-------- C:\Program Files\Google
2007-07-13 23:47 --------- d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\VMware
2007-07-13 21:59 --------- d-------- C:\Program Files\Ad Muncher
2007-07-11 16:24 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-11 16:24 --------- d-------- C:\DOCUME~1\User\APPLIC~1\FastSum
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-21 23:13 720896 --a------ C:\WINDOWS\iun6002.exe
2005-07-29 10:39:26 472 -csha-r C:\WINDOWS\RHVyZ2EgT2poYQ\lJpVtZH0nZDCsk.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45437132-854d-4021-a33e-9279bae6bd09}]
C:\WINDOWS\system32\upelpll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72B36651-9E9F-4CC8-BB6A-F0ABC5EA8930}]
2007-09-06 22:59 244832 --a------ C:\WINDOWS\system32\mlljh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 16:39 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe" [2005-06-20 12:10]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"AAWTray"="D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-29 14:14:19]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\mlljh


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo Messengger]
C:\WINDOWS\system32\SCVHSOT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" -atboottime

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R3 ev19x8mp;Creative SB AudioPCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\ev19x8mp.sys
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
S3 FGUARD32;FGUARD32;\??\C:\Program Files\Folder Guard Pro\FGUARD32.SYS
S3 PORTMON;PORTMON;\??\C:\Documents and Settings\Prasham\Desktop\portm98\PORTMSYS.SYS
S3 sysid;sysid;\??\C:\WINDOWS\System32\drivers\sysid.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a616de-cfd8-11dc-9bcd-00142a203931}]
AutoRun\command- SCVVHSOT.exe
Open\command- SCVVHSOT.exe

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 15:22:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-09-11 15:25:32 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 15:25
.
--- E O F ---

--------------------------------------
hijackthis log
---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:49 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1645522239-1220945662-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'User')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Add Page To DownloadStudio Scrapbook... - D:\Program Files\Conceiva\DownloadStudio\ds_snap.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download Image Using DownloadStudio... - D:\Program Files\Conceiva\DownloadStudio\ds_img.htm
O8 - Extra context menu item: Download Page Using DownloadStudio... - D:\Program Files\Conceiva\DownloadStudio\ds_all.htm
O8 - Extra context menu item: Download Selection Using DownloadStudio... - D:\Program Files\Conceiva\DownloadStudio\ds_sel.htm
O8 - Extra context menu item: Download Target Using DownloadStudio... - D:\Program Files\Conceiva\DownloadStudio\ds_file.htm
O8 - Extra context menu item: Download using LeechGet - file://D:\Program Files\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://D:\Program Files\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://D:\Program Files\LeechGet 2005\\Parser.html
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
O8 - Extra context menu item: Show Page Links Using DownloadStudio... - D:\Program Files\Conceiva\DownloadStudio\ds_link.htm
O8 - Extra context menu item: Subscribe To RSS Feed... - D:\Program Files\Conceiva\DownloadStudio\ds_rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Messenger2\im2_ie_plugin.dll,-4 - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Store link with e-Stalker - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5B0D774-460C-4CF7-A0D8-3E9393F28F44}: NameServer = 63.219.0.5,63.219.0.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = wsn.com.np
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = wsn.com.np
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = wsn.com.np
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = wsn.com.np
O18 - Protocol: atc - {5A8A8455-B97B-424D-8199-3954F7A62022} - C:\Program Files\Altercept\TheEasyBee Free\Binaries\ATCPrtcl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Apache\bin\httpd.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTSVCCDA.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NMap - Unknown owner - D:\Program Files\NMapWin\bin\nmapserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9953 bytes

#2 nepdude

  • Topic Starter
  • Members
  • 2 posts

Posted 11 September 2007 - 07:26 PM

hey help please anybody?????

#3 Shaba

    Koutsi

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 23 September 2007 - 06:43 AM

Hi nepdude

Rename HijackThis.exe to nepdude.exe and post back a fresh HijackThis log, please :thumbsup:
Microsoft MVP Consumer Security

#4 Shaba

    Koutsi

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 29 September 2007 - 10:22 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security