WiredWX Hobby Weather ToolsLog in

 


descriptionSolvedVundo Removal Help

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:17 PM, on 2/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Google\Update\GoogleUpdate.exe
E:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\eBoostr\EBstrSvc.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\LogMeIn\x86\RaMaint.exe
E:\Program Files\LogMeIn\x86\LogMeIn.exe
E:\Program Files\LogMeIn\x86\LMIGuardian.exe
E:\Program Files\McAfee\Common Framework\FrameworkService.exe
E:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
E:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Windows Defender\MSASCui.exe
E:\Program Files\Razer\DeathAdder\razerhid.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\McAfee\Common Framework\UdaterUI.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\McAfee\Common Framework\McTray.exe
E:\Program Files\Razer\DeathAdder\razerofa.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
E:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\LogMeIn\x86\LogMeInSystray.exe
E:\Program Files\LogMeIn\x86\LMIGuardian.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\rundll32.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Pidgin\pidgin.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\ClamWin\bin\ClamTray.exe
E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
E:\Program Files\Adobe Media Player\Adobe Media Player.exe
E:\Program Files\LimeWire\LimeWire.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Program Files\iTunes\iTunes.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Phil\Desktop\hijackgpthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookanddiscover.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26DF2979-95A7-43E2-ABDF-232623631C79} - E:\WINDOWS\system32\opnlJccc.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - E:\WINDOWS\system32\urqOIyYo.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: {62ec6d50-c96c-52f9-4b94-25dd17f8269c} - {c9628f71-dd52-49b4-9f25-c69c05d6ce26} - E:\WINDOWS\system32\xdoihr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DeathAdder] E:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShStatEXE] "E:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "E:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "E:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [000000af] rundll32.exe "E:\WINDOWS\system32\prngifcw.dll",b
O4 - HKCU\..\Run: [AdobeUpdater] "E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] E:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Phil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Windows Update] Update.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pidgin] E:\Program Files\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ClamWin] "E:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKUS\S-1-5-21-1177238915-515967899-725345543-1004\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Mom')
O4 - HKUS\S-1-5-21-1177238915-515967899-725345543-1004\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User 'Mom')
O4 - HKUS\S-1-5-21-1177238915-515967899-725345543-1004\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background (User 'Mom')
O4 - HKUS\S-1-5-21-1177238915-515967899-725345543-1004\..\Run: [Windows Update] Update.exe (User 'Mom')
O4 - HKUS\S-1-5-21-1177238915-515967899-725345543-1004\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User 'Mom')
O4 - HKUS\S-1-5-21-1177238915-515967899-725345543-1004\..\Run: [AdobeUpdater] "E:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" (User 'Mom')
O4 - HKUS\S-1-5-21-1177238915-515967899-725345543-1004\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Mom')
O4 - Startup: Adobe Media Player.lnk = E:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: eBoostr Control Panel.lnk = E:\Program Files\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: mwojvd.dll xdoihr.dll
O20 - Winlogon Notify: urqOIyYo - E:\WINDOWS\SYSTEM32\urqOIyYo.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - E:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - E:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98b2612687ae8) (gupdate1c98b2612687ae8) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - E:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - E:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - E:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 13955 bytes

descriptionSolvedRe: Vundo Removal Help

more_horiz
Hello.
Bad news.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

descriptionSolvedRe: Vundo Removal Help

more_horiz
Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

descriptionSolvedRe: Vundo Removal Help

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum