Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde


  • This topic is locked This topic is locked
1 reply to this topic

#1 DibiBetti

DibiBetti

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:whoville
  • Local time:05:41 PM

Posted 18 September 2008 - 06:23 PM

Hi.

I recently fixed a bunch of problems on my friends PC only to find that I can't turn on auto updates. I ran Sbybot S & D and it gave 2 entries for Virtumonde. I told it to fix selcted and it claimed to have fixed the issue but subsequent scans told me they were still there. I ran Vundo fix in safe mode and it found no infections. I also ran Virtumundobegone and once complete it BSODed me in order to force a restart but still did not fix the issue.

As for the update problem I tried to change the setings in services.msc and I tried the tweak on Kellys-Korner to no avail. I also deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\NoWindowsUpdate from the registry, and tried to find and delete
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate and AUOptions
but could not either. In fact I couldn't find \WindowsUpdate\.
I did find and delete
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AutoUpdate\AUOptions
but deleting it also had no effect.

I have researched this to the point of headaches and can find no solutions. Please help. I can't figure out how to remove Virtumonde if Vundofix can't even find it, and I've lost all hope of fixing the auto update thing on my own. My friend is very computer new and I doubt she would ever get this far on her own, and would never think to post in a forum, so I am taking it upon myself to make the request for help for her. Please help us.

I ran a Hijack This scan in case the log gives you any clues.

Thanks in advance for any help you can give.

Hijack This and VMB logs follow:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:44, on 9/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [\YURA8.exe] C:\Windows\system32\YURA8.exe
O4 - HKLM\..\Run: [88cf0e4f] rundll32.exe "C:\WINDOWS\system32\ckrotklv.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Norton Confidence Online - {144FDEB7-A23D-4D39-A00E-AA44195535B6} - C:\WINDOWS\wcidButton.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {CCC46940-DED0-476C-A27E-115B10DAE0B4} - https://td.nortonconfidenceonline.com/plug-in/NCO/WSAS.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: application/octet-stream - (no CLSID) - (no file)
O18 - Filter hijack: application/x-complus - (no CLSID) - (no file)
O18 - Filter hijack: application/x-msdownload - (no CLSID) - (no file)
O20 - AppInit_DLLs: uhzssd.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 7700 bytes


[09/19/2008, 2:57:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Erin\Desktop\VirtumundoBeGone.exe" )
[09/19/2008, 2:57:37] - Detected System Information:
[09/19/2008, 2:57:37] - Windows Version: 5.1.2600, Service Pack 3
[09/19/2008, 2:57:37] - Current Username: Erin (Admin)
[09/19/2008, 2:57:37] - Windows is in SAFE mode.
[09/19/2008, 2:57:37] - Searching for Browser Helper Objects:
[09/19/2008, 2:57:37] - BHO 1: {18FF61F9-0BC4-44D0-B3DD-5D6FC43441E9} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\nnnkIcyy
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\nnnkIcyy, continuing.
[09/19/2008, 2:57:37] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[09/19/2008, 2:57:37] - BHO 3: {491AF6C5-21F2-46E1-C653-3DF529127D7B} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:37] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[09/19/2008, 2:57:37] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[09/19/2008, 2:57:37] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/19/2008, 2:57:37] - BHO 7: {85B282A9-204A-463F-BF6A-5704DCEF81F8} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - No filename found. Continuing.
[09/19/2008, 2:57:37] - BHO 8: {85CF4327-68DE-1974-B32E-766E84A9706C} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:37] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/19/2008, 2:57:37] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/19/2008, 2:57:37] - BHO 11: {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\iifdbbbA
[09/19/2008, 2:57:37] - Found: HKLM\...\Winlogon\Notify\iifdbbbA - This is probably Virtumundo.
[09/19/2008, 2:57:37] - Assigning {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} MSEvents Object
[09/19/2008, 2:57:37] - BHO list has been changed! Starting over...
[09/19/2008, 2:57:37] - BHO 1: {18FF61F9-0BC4-44D0-B3DD-5D6FC43441E9} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\nnnkIcyy
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\nnnkIcyy, continuing.
[09/19/2008, 2:57:37] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[09/19/2008, 2:57:37] - BHO 3: {491AF6C5-21F2-46E1-C653-3DF529127D7B} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:37] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[09/19/2008, 2:57:37] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[09/19/2008, 2:57:37] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/19/2008, 2:57:37] - BHO 7: {85B282A9-204A-463F-BF6A-5704DCEF81F8} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - No filename found. Continuing.
[09/19/2008, 2:57:37] - BHO 8: {85CF4327-68DE-1974-B32E-766E84A9706C} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:37] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/19/2008, 2:57:37] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/19/2008, 2:57:37] - BHO 11: {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1} (MSEvents Object)
[09/19/2008, 2:57:37] - ALERT: Found MSEvents Object!
[09/19/2008, 2:57:37] - BHO 12: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/19/2008, 2:57:37] - BHO 13: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
[09/19/2008, 2:57:37] - BHO 14: {f07be955-9983-4e19-81ff-9c718a267e78} ()
[09/19/2008, 2:57:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:37] - Checking for HKLM\...\Winlogon\Notify\uhzssd
[09/19/2008, 2:57:37] - Key not found: HKLM\...\Winlogon\Notify\uhzssd, continuing.
[09/19/2008, 2:57:37] - Finished Searching Browser Helper Objects
[09/19/2008, 2:57:37] - *** Detected MSEvents Object
[09/19/2008, 2:57:37] - Trying to remove MSEvents Object...
[09/19/2008, 2:57:38] - Terminating Process: IEXPLORE.EXE
[09/19/2008, 2:57:38] - Terminating Process: RUNDLL32.EXE
[09/19/2008, 2:57:38] - Disabling Automatic Shell Restart
[09/19/2008, 2:57:38] - Terminating Process: EXPLORER.EXE
[09/19/2008, 2:57:38] - Suspending the NT Session Manager System Service
[09/19/2008, 2:57:39] - Terminating Windows NT Logon/Logoff Manager
[09/19/2008, 2:57:39] - Re-enabling Automatic Shell Restart
[09/19/2008, 2:57:39] - File to disable: C:\WINDOWS\system32\iifdbbbA.dll
[09/19/2008, 2:57:39] - Removing HKLM\...\Browser Helper Objects\{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1}
[09/19/2008, 2:57:39] - Removing HKCR\CLSID\{ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1}
[09/19/2008, 2:57:39] - Adding Kill Bit for ActiveX for GUID: {ADFD5FD2-2DD2-4572-80DA-C74F1193FBA1}
[09/19/2008, 2:57:39] - Deleting ATLEvents/MSEvents Registry entries
[09/19/2008, 2:57:39] - Removing HKLM\...\Winlogon\Notify\iifdbbbA
[09/19/2008, 2:57:39] - Searching for Browser Helper Objects:
[09/19/2008, 2:57:39] - BHO 1: {18FF61F9-0BC4-44D0-B3DD-5D6FC43441E9} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - Checking for HKLM\...\Winlogon\Notify\nnnkIcyy
[09/19/2008, 2:57:39] - Key not found: HKLM\...\Winlogon\Notify\nnnkIcyy, continuing.
[09/19/2008, 2:57:39] - BHO 2: {3049C3E9-B461-4BC5-8870-4C09146192CA} (RealPlayer Download and Record Plugin for Internet Explorer)
[09/19/2008, 2:57:39] - BHO 3: {491AF6C5-21F2-46E1-C653-3DF529127D7B} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:39] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:39] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[09/19/2008, 2:57:39] - BHO 5: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[09/19/2008, 2:57:39] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/19/2008, 2:57:39] - BHO 7: {85B282A9-204A-463F-BF6A-5704DCEF81F8} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - No filename found. Continuing.
[09/19/2008, 2:57:39] - BHO 8: {85CF4327-68DE-1974-B32E-766E84A9706C} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - Checking for HKLM\...\Winlogon\Notify\wcidBHO
[09/19/2008, 2:57:39] - Key not found: HKLM\...\Winlogon\Notify\wcidBHO, continuing.
[09/19/2008, 2:57:39] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/19/2008, 2:57:39] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/19/2008, 2:57:39] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/19/2008, 2:57:39] - BHO 12: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
[09/19/2008, 2:57:39] - BHO 13: {f07be955-9983-4e19-81ff-9c718a267e78} ()
[09/19/2008, 2:57:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/19/2008, 2:57:39] - Checking for HKLM\...\Winlogon\Notify\uhzssd
[09/19/2008, 2:57:39] - Key not found: HKLM\...\Winlogon\Notify\uhzssd, continuing.
[09/19/2008, 2:57:39] - Finished Searching Browser Helper Objects
[09/19/2008, 2:57:39] - Finishing up...
[09/19/2008, 2:57:39] - A restart is needed.
[09/19/2008, 2:57:39] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[09/19/2008, 2:58:04] - Attempting to Restart via STOP error (Blue Screen!)

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:41 PM

Posted 30 September 2008 - 08:44 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users