Home > Hijackthis Log > Hijackthis Log -- Vundo Problems

Hijackthis Log -- Vundo Problems

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\HP_ADMINISTRATOR\Application Data\Mozilla\Profiles\default\os9tcey4.slt\prefs.js)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: NAV No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and HiJackThis Log - Vundo problem Started by rp19991 , Dec 17 2008 10:06 PM This topic is locked 2 replies to this topic #1 rp19991 rp19991 Members 2 posts OFFLINE Continuing.[11/16/2007, 20:06:42] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)[11/16/2007, 20:06:42] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()[11/16/2007, 20:06:42] - WARNING: BHO has no default name. useful reference

Back to top #9 miekiemoes miekiemoes Malware Killer Dog Malware Response Team 19,420 posts OFFLINE Gender:Female Location:Belgium Local time:09:24 AM Posted 09 June 2008 - 07:31 AM Since this issue Share this post Link to post Share on other sites This topic is now closed to further replies. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. If you still have problems, please Start a new topic. https://www.bleepingcomputer.com/forums/t/187433/hijackthis-log-vundo-problem/

VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: EvtEng - Intel Yes you may delete the tools and logs as we don't need them anymore. * Please reset your System Restore, because if you go back in time with "System Restore", the They may otherwise interfere with our tools. When turning off System Restore, the existing Restore Points will be deleted.

Back to top #6 GACGustie GACGustie Member Full Member 6 posts Posted 03 July 2007 - 05:50 PM VundoFix V6.5.4Checking Java version...Java version is 1.4.2.3Old versions of java are exploitable and Sign Up This Topic All Content This Topic This Forum Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started Please re-enable javascript to access full functionality. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates,

Back to top #3 Mieke Mieke HJT Helper Retired Staff - Helper 265 posts Posted 03 July 2007 - 08:39 AM Hi GACGustie I am currently studying your log and will Thanks a lot. Come back here to this thread and Paste the log in your next reply.DO NOT have Hijack This fix anything yet. This Site Back to top Back to Virus, Trojan, Spyware, and Malware Removal Logs 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear BleepingComputer.com

I'm very happy to hear that your system is running smoothly. AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password? Everyone else please begin a New Topic.

Checking for Winlogon reference.[11/16/2007, 20:06:42] - Checking for HKLM\...\Winlogon\Notify\tnnxaacc[11/16/2007, 20:06:42] - Key not found: HKLM\...\Winlogon\Notify\tnnxaacc, continuing.[11/16/2007, 20:06:42] - BHO 6: {D8BC40D9-F1E8-4244-9A6D-E271D0D3A313} ()[11/16/2007, 20:06:42] - WARNING: BHO has no default name. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. Click here to Register a free account now! Share this post Link to post Share on other sites AdvancedSetup    Staff Root Admin 63,852 posts Location: US ID: 4   Posted January 18, 2009 Are you still with us?

Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password? see here I've been trying to get rid of Vundo for about 2 days now. Here's the new HijackThis log...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:47:48 PM, on 11/20/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Back to top #7 Mieke Mieke HJT Helper Retired Staff - Helper 265 posts Posted 04 July 2007 - 07:31 AM Hi GACGustie, * Please open notepad and copy/paste the text

  1. It's a lot easier than trying to remember everything.------------------------------------------------* Please put HijackThis.exe in it's permanent folder, if you fix something with hijackThis, it will create a backup.
  2. You need to run hijackthis scan , check only the following unnecessary entries and click fix.   O2 - BHO: (no name) - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - (no file)O2 - BHO: (no name)
  3. Please note that your topic was not intentionally overlooked.
  4. Check "Turn off System Restore" and click "Apply".5.
  5. Any help would be greatly appreciated.Here's the story:--I keep getting an AutoProtect window saying that I have a bunch of Trojans.--I tried running VundoFix, but that didn't find anything--I tried running
  6. My computer is slow---My Blog---Follow me on Twitter.My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!Asking for help

R, K The only easy day was yesterday. ...some do, some don't; some will, some won't (WR) Back to top Back to Virus, Trojan, Spyware, and Malware Removal Logs 0 user(s) I thought the Virus was gone when I used Hijackthis as well as many other anti-spyware programs(superantispy, malware, adaware, spybot) to get rid of it a few weeks ago. AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! this page VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: EvtEng - Intel

FT Server""C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes""C:\\WINDOWS\\system32\\bxrhsime.exe"="C:\\WINDOWS\\system32\\bxr""C:\\WINDOWS\\system32\\vmbeuepc.exe"="C:\\WINDOWS\\system32\\vmb"-- Environment Variables -------------------------------------------------------ALLUSERSPROFILE=C:\Documents and Settings\All UsersAPPDATA=C:\Documents and Settings\kclouse.MOL-BP8RL81\Application DataCLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zipCLIENTNAME=ConsoleCommonProgramFiles=C:\Program Files\Common FilesCOMPUTERNAME=MOL-BP8RL81ComSpec=C:\WINDOWS\system32\cmd.exeFP_NO_HOST_CHECK=NOHOMEDRIVE=C:HOMEPATH=\Documents and Settings\kclouse.MOL-BP8RL81LOGONSERVER=\\MOL-BP8RL81NUMBER_OF_PROCESSORS=1OS=Windows_NTPath=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSHPROCESSOR_ARCHITECTURE=x86PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=0d08ProgramFiles=C:\Program FilesPROMPT=$P$GQTJAVA=C:\Program The 2 log results from Jotti.2. Please perform the following scan:Download DDS by sUBs from one of the following links.

Checking for Winlogon reference.[11/16/2007, 20:06:42] - No filename found.

Is there anything else I can do to fully get rid of this pesky problem? My computer's so slow I can barely even get on your forum. All Activity Home Malware Removal Help Malware Removal for Windows Resolved Malware Removal Logs HJT log, Vundo problems Privacy Policy Contact Us Back to Top Malwarebytes Community Software by Invision Power Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes

A new HijackThis log.----------------------------------------Please let me know if you have got problems during the fix.Mieke Back to top #5 GACGustie GACGustie Member Full Member 6 posts Posted 03 July 2007 - Thanks!The fixes and advice in this thread are for this machine only. Is it ok for me to delete all the programs and logs I saved for this removal process? http://liveterrain.com/hijackthis-log/help-understanding-hijackthis-log-and-then-fixing-problems.php Thanks in advance, here's my log:Logfile of HijackThis v1.99.1Scan saved at 5:44:26 PM, on 6/28/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program

My name is BHowett and I will be helping you to get sorted. mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Checking for Winlogon reference.[11/16/2007, 20:06:42] - Checking for HKLM\...\Winlogon\Notify\vturp[11/16/2007, 20:06:42] - Key not found: HKLM\...\Winlogon\Notify\vturp, continuing.[11/16/2007, 20:06:42] - Finished Searching Browser Helper Objects[11/16/2007, 20:06:42] - Finishing up...[11/16/2007, 20:06:42] - Nothing found! Edited by Stu Dente, 17 November 2007 - 08:12 AM. 0 Advertisements #2 kahdah Posted 20 November 2007 - 11:34 AM kahdah GeekU Teacher Retired Staff 15,822 posts Hello Stu DenteWelcome

iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 The contents of C:\vundofix.txt 2. My computer is slow---My Blog---Follow me on Twitter.My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!Asking for help VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: EvtEng - Intel

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:34:57 PM, on 12/01/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Common Files\Apple\Mobile