WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93085 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
not time it seems to know what im trying to do
Started by
Waruichinchilla
, Mar 09 2007 10:00 PM
5 replies to this topic
#1
Waruichinchilla
-
- New Member
-
- 3 posts
New Member
Posted 09 March 2007 - 10:00 PM
Register to Remove
#2
Waruichinchilla
-
- New Member
-
- 3 posts
New Member
Posted 09 March 2007 - 10:12 PM
BTW i ment to say no time...
ne way..
it started with Yahoo tool bar... big deal... remove program..and it happend again....and again
then i would open IE and leave it on about:blank and then after a set amount of time a series of popups would apear. the first that apears is a downloader, then about 5 or 6 slow loading "advertisements", im gussing to stop me from getting to the download. lucky my popup bloker soped the download, but its happend numerous times and i dont know it it will find away around it. thats still happening but now a audio "thing" apears that i cant find, only hear so i cant trace its source to remove it. i have updated Systematic Antivirus and deleted 2 trojens and 7 downloader viruses and all of this is still happening and getting worse.
help me obi wan coyote, your my only hope.
#3
Waruichinchilla
-
- New Member
-
- 3 posts
New Member
Posted 20 March 2007 - 07:46 PM
Logfile of HijackThis v1.99.1
Scan saved at 8:43:12 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Gravity\RebirthRO\RebirthRO Patcher.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {ef1b78a7-2cae-4495-8282-ac96ac823a24} - C:\WINDOWS\system32\c_1866.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\mlkkih.dll",setvm
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\vtutrqp.dll
O20 - Winlogon Notify: c_1866 - C:\WINDOWS\SYSTEM32\c_1866.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
#4
IndiGenus
-
- Authentic Member
-
- 5,251 posts
Teacher Emeritus
- Interests:Computer Security, Music, Sports
Posted 21 March 2007 - 09:09 AM
Hello Waruichinchilla and welcome to the forums here at Tom Coyote.
I merged your original topic that you posted about 10 days ago with your new one. You probably didn't get a response originally because you replied to your own topic. We look for topics with no responses. In the future, if you have not received a reply in 5 days you can then post here:
http://forums.tomcoy...showtopic=65180
OK, for the fix:
Please download
VundoFix.exe to your desktop.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from Click the Scan for Vundo button when VundoFix appears at reboot.
Regards,
Dave
I merged your original topic that you posted about 10 days ago with your new one. You probably didn't get a response originally because you replied to your own topic. We look for topics with no responses. In the future, if you have not received a reply in 5 days you can then post here:
http://forums.tomcoy...showtopic=65180
OK, for the fix:
Please download
VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click Yes
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from Click the Scan for Vundo button when VundoFix appears at reboot.
Regards,
Dave
IndiGenus
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#5
IndiGenus
-
- Authentic Member
-
- 5,251 posts
Teacher Emeritus
- Interests:Computer Security, Music, Sports
Posted 26 March 2007 - 12:34 PM
Do you still need help here? Please let me know.
Thanks,
Dave
IndiGenus
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
#6
IndiGenus
-
- Authentic Member
-
- 5,251 posts
Teacher Emeritus
- Interests:Computer Security, Music, Sports
Posted 02 April 2007 - 12:08 PM
Due to a lack of a responce this topic is now closed.
If you wish it reopened, please send us an email ( Click for address ) with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
To help keep your PC clean follow the recommendations here by shelf life.
If you wish it reopened, please send us an email ( Click for address ) with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
To help keep your PC clean follow the recommendations here by shelf life.
IndiGenus
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
The help you receive here is free, but if you would like to help me continue the fight against Malware then
Logs will be closed if you haven't replied within 5 days
Proud Graduate of TC/WTT Classroom
"To find perfect composure in the midst of change is to find ourselves in nirvana."
Suzuki Roshi
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
