

Virtumonde/Prunnet removed (I think), but laptop awfully slow now

  • This topic is locked
2 replies to this topic

#1 ElizabethT


  • Members
  • 2 posts
  • Local time:07:35 AM

Posted 26 December 2008 - 01:40 PM

I removed some Vundo registry entries and files (like Prunnet) using Malwarebytes yesterday, but now I think there must still be a problem not being picked up by Malwarebytes, since my laptop has started running slowly. Also, on startup, I'm seeing a couple of minutes of black screen (plus an arrow cursor), which I never saw before being infected. Can you help? I've attached my HijackThis log below. It looks like there are at least a couple of entries (like the omroeo dll) that look suspicious.

Thank you so very much!


O10 c:\windows\system32\nwprovau.dll

O16 {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O2 Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O2 (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O20 C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL omroeo.dll

O23 Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe


O23 SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O23 AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe

O23 dkab_device - Dell - C:\WINDOWS\system32\DKabcoms.exe

O23 McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe

O23 Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O3 &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O4 [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 Digital Line Detect.lnk = ?

O4 [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O4 [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

O4 [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

O4 Microsoft Works Calendar Reminders.lnk = ?

O4 [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"

O4 [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

O4 [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe

O4 [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 WinZip Quick Pick.lnk = C:\Documents and Settings\Elizabeth\Start Menu\Programs\WinZip\WZQKPICK.EXE

O9 Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe

O9 (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

O9 Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll

P01 C:\WINDOWS\Explorer.EXE

P01 C:\WINDOWS\system32\svchost.exe

P01 C:\WINDOWS\system32\lsass.exe

P01 C:\WINDOWS\system32\winlogon.exe

P01 C:\WINDOWS\system32\services.exe

P01 C:\WINDOWS\System32\smss.exe

P01 C:\WINDOWS\system32\spoolsv.exe

P01 C:\WINDOWS\system32\ctfmon.exe

P01 C:\Program Files\Internet Explorer\iexplore.exe

P01 C:\WINDOWS\system32\rundll32.exe

P01 C:\WINDOWS\system32\Ati2evxx.exe

P01 C:\Program Files\QuickTime\qttask.exe

P01 C:\Program Files\iPod\bin\iPodService.exe

P01 C:\Program Files\iTunes\iTunesHelper.exe

P01 C:\WINDOWS\system32\wscntfy.exe

P01 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

P01 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

P01 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

P01 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

P01 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

P01 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

P01 C:\WINDOWS\system32\dla\tfswctrl.exe

P01 C:\WINDOWS\system32\inetsrv\inetinfo.exe

P01 C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

P01 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

P01 C:\PROGRA~1\mcafee.com\agent\mcagent.exe

P01 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

P01 C:\Program Files\Digital Line Detect\DLG.exe

P01 c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

P01 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

P01 C:\Program Files\Apoint\Apntex.exe

P01 C:\Program Files\Apoint\Apoint.exe

P01 c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

P01 C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

P01 C:\Program Files\Dell\QuickSet\quickset.exe

P01 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

P01 c:\program files\common files\mcafee\mna\mcnasvc.exe

P01 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

P01 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

P01 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

P01 C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



P01 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

P01 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

P01 C:\Program Files\DellSupport\DSAgnt.exe

P01 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

P01 C:\Program Files\Dell\Media Experience\PCMService.exe

P01 C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

P01 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

P01 C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

P01 C:\PROGRA~1\mcafee\msc\mcuimgr.exe

P01 C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe

P01 C:\Program Files\Microsoft Works\MSWorks.exe

P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

P01 C:\Program Files\Java\jre6\bin\jqs.exe

P01 C:\Program Files\Java\jre6\bin\jusched.exe

P01 C:\Documents and Settings\Elizabeth\Start Menu\Programs\WinZip\WZQKPICK.EXE

R0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg2.mail.yahoo.com/dc/launch?.rand=d0jn2svl5ntro

R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html



#2 ElizabethT

  • Topic Starter

  • Members
  • 2 posts
  • Local time:07:35 AM

Posted 29 December 2008 - 12:29 PM

Please disregard this post!! (Couldn't find a way to delete it.) Thank you.

#3 KoanYorel


    Bleepin' Conundrum

  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:35 AM

Posted 07 January 2009 - 01:30 AM

Thanks for informing us.

If you find other problems please start a new topic.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
