Vundo Issues, Trying To Fix It.


8 replies to this topic

#1 Grimtooth

Posted 21 April 2007 - 12:27 AM

Original thread - http://www.bleepingcomputer.com/forums/t/89359/virusmalware-locked-out-of-run-task-manager-etc/

Ran VundoFix and Virtumundobegone.

Ran several virus scans with different scanners, same with spyware tools.
Manually edited the registry.

Still see the damn files in Hijackthis and in VundoFix.
Still receive popups for Nextar and WinAntiVirus Pro 2006 and other products.


Current Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:09 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
f:\apps\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
G:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
G:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\Grimtooth\Desktop\HijackThis.exe

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - G:\WINDOWS\system32\jtixkdmk.dll
O2 - BHO: (no name) - {410DCAE8-1BA1-41FB-9C03-2906A448E4A7} - G:\WINDOWS\system32\geede.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LCDMon] "G:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "G:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [MSConfig] G:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "G:\WINDOWS\system32\wsygckvm.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175382736390
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...013/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - f:\apps\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe




Please, any assistance would be appreciated.

Thank you,
Tony

#2 Daemon (Security Expert)

Posted 21 April 2007 - 02:52 AM

Start with this. Please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 Grimtooth (Topic Starter)

Posted 21 April 2007 - 06:13 PM

On the left check C:\Fixed Drive.

Is this supposed to be the location of my windows install? I have a non standard install with a different drive letter, fyi.

I followed your directions and under this section:

Under Scanner Options make sure the following are checked:

* Close browsers before scanning
* Scan for tracking cookies
* Terminate memory threats before quarantining.
* Please leave the others unchecked.
* Click the Close button to leave the control center screen.


I completely unchecked everything and checked the 3 options you wanted.

I scanned, but it didn't close my browser; I use Mozilla as my primary browser.



SUPERAntiSpyware Scan Log
Generated 04/21/2007 at 04:54 PM

Application Version : 3.6.1000

Core Rules Database Version : 3222
Trace Rules Database Version: 1233

Scan type : Complete Scan
Total Scan Time : 00:39:18

Memory items scanned : 429
Memory threats detected : 1
Registry items scanned : 4338
Registry threats detected : 6
File items scanned : 54507
File threats detected : 43

Trojan.Downloader-Gen/LIB
G:\WINDOWS\SYSTEM32\JTIXKDMK.DLL
G:\WINDOWS\SYSTEM32\JTIXKDMK.DLL
G:\DOCUMENTS AND SETTINGS\GRIMTOOTH\DESKTOP\BACKUPS\BACKUP-20070420-222641-228.DLL
G:\VUNDOFIX BACKUPS\RVUXFAFV.DLL.BAD
G:\WINDOWS\SYSTEM32\MARAKNRV.DLL.BAK

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{67C55A8D-E808-4caa-9EA7-F77102DE0BB6}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}\InprocServer32#ThreadingModel
G:\WINDOWS\SYSTEM32\RVUXFAFV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}
HKCR\CLSID\{67C55A8D-E808-4CAA-9EA7-F77102DE0BB6}

Adware.Tracking Cookie
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@indiads[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@www8.addfreestats[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@atwola[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@targetnet[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@trafficmp[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@doubleclick[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@www.googleadservices[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@atdmt[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@adecn[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@stats1.reliablestats[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@drivecleaner[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@ad.yieldmanager[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@tribalfusion[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@www.winantispyware[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@cpvfeed[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@2o7[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@winantispyware[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@www.amaena[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@zedo[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@fastclick[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@winantivirus[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@advertising[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@www.drivecleaner[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@anad.tacoda[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@ads.realtechnetwork[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@clickbank[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@ehg-pcsecurityshield.hitbox[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@media.fastclick[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@hitbox[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@realmedia[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@www.winantiviruspro[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@stats.drivecleaner[2].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@msnportal.112.2o7[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@msnservices.112.2o7[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@redorbit[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@mediaplex[1].txt
G:\Documents and Settings\Grimtooth\Cookies\grimtooth@edge.ru4[2].txt

Unclassified.Unknown Origin/System
G:\WINDOWS\SYSTEM32\PMKJH.DLL


Here's the other file that you wanted.

Logfile of HijackThis v1.99.1
Scan saved at 5:07:12 PM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\nvsvc32.exe
f:\apps\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
G:\WINDOWS\system32\wscntfy.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\RTHDCPL.EXE
G:\WINDOWS\system32\RUNDLL32.EXE
G:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
G:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
G:\WINDOWS\system32\wuauclt.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\Mozilla Firefox\firefox.exe
G:\Documents and Settings\Grimtooth\Desktop\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LCDMon] "G:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "G:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [MSConfig] G:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175382736390
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...013/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - G:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - G:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - f:\apps\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Edited by Grimtooth, 21 April 2007 - 07:11 PM.
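As an added example (not from the thread or from either poster), here is a small Python triage script that applies the reading Daemon was doing by eye: it flags HijackThis O2/O4 entries showing the Vundo traits visible in Tony's logs (unnamed BHOs, orphaned "file missing" entries, eight-letter random DLL names under system32) and diffs the before/after logs to confirm what the SUPERAntiSpyware run removed. The eight-lowercase-letter rule is my assumption drawn from the names in these two logs, not a rule from either tool.

```python
import re

# Constructed sample: a subset of lines copied from the two HijackThis logs posted
# in this thread, the first taken before the SUPERAntiSpyware run and the second after.
HJT_BEFORE = [
    r"O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - G:\WINDOWS\system32\jtixkdmk.dll",
    r"O2 - BHO: (no name) - {410DCAE8-1BA1-41FB-9C03-2906A448E4A7} - G:\WINDOWS\system32\geede.dll (file missing)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "G:\WINDOWS\system32\wsygckvm.dll",setvm',
    r"O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe",
]
HJT_AFTER = [
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_01\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [SUPERAntiSpyware] G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe",
]

# First drive-letter path ending in .dll on the line (paths may contain spaces).
DLL_RE = re.compile(r"[A-Za-z]:\\.+?\.dll", re.IGNORECASE)
# Heuristic (my assumption, drawn from the names in these logs: jtixkdmk, wsygckvm,
# rvuxfafv): the Vundo DLLs here are eight random lowercase letters. Treat a hit as a
# lead to verify against the file on disk, not as a verdict.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")

def flag_entry(line):
    """Return the reasons a HijackThis line deserves a closer look ([] if clean)."""
    reasons = []
    kind = line.split(" - ", 1)[0]            # O2, O4, O20 ...
    if kind == "O2" and "(no name)" in line:
        reasons.append("unnamed BHO")          # legitimate BHOs register a class name
    if "(file missing)" in line:
        reasons.append("orphaned entry")       # DLL already gone, registry key left behind
    for path in DLL_RE.findall(line):
        name = path.rsplit("\\", 1)[-1][:-4]   # bare file name without .dll
        if RANDOM_NAME_RE.match(name):
            how = "rundll32 loads it at logon" if kind == "O4" else "loaded into IE as BHO"
            reasons.append(f"random-looking DLL {name} ({how})")
    return reasons

def diff_logs(before, after):
    """Entries that vanished between two logs, and entries that are new."""
    b, a = set(before), set(after)
    return [l for l in before if l not in a], [l for l in after if l not in b]

def triage(before, after):
    """Summarise what a cleanup removed and what still looks suspicious afterwards."""
    removed, added = diff_logs(before, after)
    return {
        "removed": removed,
        "added": added,
        "still_flagged": [l for l in after if flag_entry(l)],
    }

if __name__ == "__main__":
    for line in HJT_BEFORE:
        for reason in flag_entry(line):
            print(f"{reason}: {line}")
    report = triage(HJT_BEFORE, HJT_AFTER)
    print(f"{len(report['removed'])} entries removed, {len(report['still_flagged'])} still flagged")
```

On the full logs above the same script reports the jtixkdmk, geede and wsygckvm entries gone and nothing left flagged, which matches Daemon's "looks better" verdict.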


#4 Daemon (Security Expert)

Posted 22 April 2007 - 03:05 AM

Your HijackThis log looks better. Have you disabled anything using msconfig?

Edited by Daemon, 22 April 2007 - 03:06 AM.


#5 Grimtooth (Topic Starter)

Posted 22 April 2007 - 01:15 PM

What I have disabled is:


DealioAU
ashDisp - no clue what it was.
miniinst - no clue what it was
msmsgs - I never run it and for some reason it started running.
dqrrscga - Didn't like the look of this one.

I wish I knew how to take stuff out of the startup menu in msconfig, like to remove the entries permanently.


Thank you,
Tony

#6 Daemon (Security Expert)

Posted 22 April 2007 - 04:19 PM

Can you re-enable them, reboot and post a new HJT log? I'll clear them up for you.

#7 Grimtooth (Topic Starter)

Posted 23 April 2007 - 08:47 PM

Daemon, I would never doubt you in anything. Yet I am hesitant in turning them back on. I will attempt to do so Monday night.


Oh neat, I just got a pop up and a hijack from DriveCleaner again. /cries

I know most of these fixes cure IE, but does it do the same for me since I use Mozilla?



Thank you,
Tony

Edited by Grimtooth, 23 April 2007 - 08:56 PM.


#8 Daemon (Security Expert)

Posted 24 April 2007 - 01:33 AM

Do this for me:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

#9 Daemon (Security Expert)

Posted 02 May 2007 - 01:18 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a Moderator. This applies only to the original topic starter. Everyone else please begin a New Topic.