
Hijackthis log, virtumonde on system, most likely other bugs, HELP!


  • This topic is locked
8 replies to this topic

#1 krylon800

New Member • 6 posts

Posted 04 November 2007 - 11:01 PM

Tried every detection removal tool listed on the "before you post log" post. Many detect it, nothing removes it. I know for a fact that Virtumonde is present on my system, but I am fairly certain other malware/virus are as well. It will typically lie dormant until I connect to the internet. Then the computer will run slower, the internet will crash altogether and I will receive false security warning balloons and pop ups due to a few different BHOs that are running (invisible to task manager).

I just need to get rid of this thing. Thanks for your help. Much appreciated!!!!!

HIJACK THIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:16 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
C:\Documents and Settings\Marisol Avellaneda\Desktop\Virus Stuff\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: {a573bfb3-5804-517b-cc74-70fb6f3cba44} - {44abc3f6-bf07-47cc-b715-40853bfb375a} - C:\WINDOWS\system32\uenqvniq.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\iavtebmu.dll
O2 - BHO: (no name) - {CCDAB2C1-2EBE-455A-AB92-CA12C5F3D1BA} - C:\WINDOWS\system32\nnnmn.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iavtebmu.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [SystemManager] C:\WINDOWS\system32\msapp32.exe
O4 - Startup: Notmad Manager.lnk = C:\Program Files\Red Chair Software\Notmad Explorer\notmgr.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: bwhbzbxm - bwhbzbxm.dll (file missing)
O20 - Winlogon Notify: dkaazqpr - dkaazqpr.dll (file missing)
O20 - Winlogon Notify: iavtebmu - C:\WINDOWS\SYSTEM32\iavtebmu.dll
O20 - Winlogon Notify: winyqq32 - winyqq32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ysqbsahk.exe (file missing)
O23 - Service: F - Sysinternals - www.sysinternals.com - C:\DOCUME~1\MARISO~1\LOCALS~1\Temp\F.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O24 - Desktop Component 0: (no name) - http://www.farnesega...ireplaces04.jpg

--
End of file - 5807 bytes

LIST OF FOUND SUSPICIOUS FILES:
*vturrqr.dll
*btojdndo.dll
*foxszwd.dll
*hrokknyv.dll
bxayfbey.dll
nnnmn.dll

*ysqbsahk.exe
qpviomnl.dll
uenqvniq.dll
iavtebmu.dll

*{60676966-E9D0-44C8-89AA-5A74A35BDA77}
*{89AD4D75-2429-462e-BD4E-443F233F6033}
*{A95B2816-1D7E-4561-A202-68C0DE02353A}


*removed

VIRTUMONDE BE GONE LOG:


[10/30/2007, 15:12:33] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Marisol Avellaneda\Desktop\VirtumundoBeGone.exe" )
[10/30/2007, 15:12:38] - Detected System Information:
[10/30/2007, 15:12:39] - Windows Version: 5.1.2600, Service Pack 2
[10/30/2007, 15:12:39] - Current Username: Marisol Avellaneda (Admin)
[10/30/2007, 15:12:39] - Windows is in NORMAL mode.
[10/30/2007, 15:12:39] - Searching for Browser Helper Objects:
[10/30/2007, 15:12:39] - BHO 1: {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} ()
[10/30/2007, 15:12:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:12:39] - Checking for HKLM\...\Winlogon\Notify\vturrqr
[10/30/2007, 15:12:39] - Found: HKLM\...\Winlogon\Notify\vturrqr - This is probably Virtumundo.
[10/30/2007, 15:12:39] - Assigning {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} MSEvents Object
[10/30/2007, 15:12:39] - BHO list has been changed! Starting over...
[10/30/2007, 15:12:39] - BHO 1: {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} (MSEvents Object)
[10/30/2007, 15:12:39] - ALERT: Found MSEvents Object!
[10/30/2007, 15:12:40] - BHO 2: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/30/2007, 15:12:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:12:40] - Checking for HKLM\...\Winlogon\Notify\btojdndo
[10/30/2007, 15:12:40] - Key not found: HKLM\...\Winlogon\Notify\btojdndo, continuing.
[10/30/2007, 15:12:40] - BHO 3: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[10/30/2007, 15:12:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:12:40] - Checking for HKLM\...\Winlogon\Notify\foxszwud
[10/30/2007, 15:12:40] - Found: HKLM\...\Winlogon\Notify\foxszwud - This is probably Virtumundo.
[10/30/2007, 15:12:40] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[10/30/2007, 15:12:40] - BHO list has been changed! Starting over...
[10/30/2007, 15:12:40] - BHO 1: {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935} (MSEvents Object)
[10/30/2007, 15:12:40] - ALERT: Found MSEvents Object!
[10/30/2007, 15:12:40] - BHO 2: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/30/2007, 15:12:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:12:40] - Checking for HKLM\...\Winlogon\Notify\btojdndo
[10/30/2007, 15:12:40] - Key not found: HKLM\...\Winlogon\Notify\btojdndo, continuing.
[10/30/2007, 15:12:41] - BHO 3: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[10/30/2007, 15:12:41] - ALERT: Found MSEvents Object!
[10/30/2007, 15:12:41] - BHO 4: {A9B3CD2A-4ED9-4127-BD4A-01994D67A4DA} ()
[10/30/2007, 15:12:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:12:41] - Checking for HKLM\...\Winlogon\Notify\nnnmn
[10/30/2007, 15:12:41] - Key not found: HKLM\...\Winlogon\Notify\nnnmn, continuing.
[10/30/2007, 15:12:41] - Finished Searching Browser Helper Objects
[10/30/2007, 15:12:41] - *** Detected MSEvents Object
[10/30/2007, 15:12:41] - Trying to remove MSEvents Object...
[10/30/2007, 15:12:42] - Terminating Process: IEXPLORE.EXE
[10/30/2007, 15:12:52] - Terminating Process: RUNDLL32.EXE
[10/30/2007, 15:13:02] - Disabling Automatic Shell Restart
[10/30/2007, 15:13:02] - Terminating Process: EXPLORER.EXE
[10/30/2007, 15:13:03] - Suspending the NT Session Manager System Service
[10/30/2007, 15:13:03] - Terminating Windows NT Logon/Logoff Manager
[10/30/2007, 15:13:04] - Re-enabling Automatic Shell Restart
[10/30/2007, 15:13:04] - File to disable: C:\WINDOWS\system32\vturrqr.dll
[10/30/2007, 15:13:04] - Renaming C:\WINDOWS\system32\vturrqr.dll -> C:\WINDOWS\system32\vturrqr.dll.vir
[10/30/2007, 15:13:05] - File successfully renamed!
[10/30/2007, 15:13:05] - Removing HKLM\...\Browser Helper Objects\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}
[10/30/2007, 15:13:05] - Removing HKCR\CLSID\{3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}
[10/30/2007, 15:13:06] - Adding Kill Bit for ActiveX for GUID: {3E4A0D7B-DD02-4A3F-A04C-0B3FF84AD935}
[10/30/2007, 15:13:07] - Deleting ATLEvents/MSEvents Registry entries
[10/30/2007, 15:13:07] - Removing HKLM\...\Winlogon\Notify\vturrqr
[10/30/2007, 15:13:07] - Searching for Browser Helper Objects:
[10/30/2007, 15:13:07] - BHO 1: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/30/2007, 15:13:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:13:07] - Checking for HKLM\...\Winlogon\Notify\btojdndo
[10/30/2007, 15:13:07] - Key not found: HKLM\...\Winlogon\Notify\btojdndo, continuing.
[10/30/2007, 15:13:07] - BHO 2: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[10/30/2007, 15:13:07] - ALERT: Found MSEvents Object!
[10/30/2007, 15:13:07] - BHO 3: {A9B3CD2A-4ED9-4127-BD4A-01994D67A4DA} ()
[10/30/2007, 15:13:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:13:08] - Checking for HKLM\...\Winlogon\Notify\nnnmn
[10/30/2007, 15:13:08] - Key not found: HKLM\...\Winlogon\Notify\nnnmn, continuing.
[10/30/2007, 15:13:08] - Finished Searching Browser Helper Objects
[10/30/2007, 15:13:08] - *** Detected MSEvents Object
[10/30/2007, 15:13:08] - Trying to remove MSEvents Object...
[10/30/2007, 15:13:09] - Terminating Process: IEXPLORE.EXE
[10/30/2007, 15:13:09] - Terminating Process: RUNDLL32.EXE
[10/30/2007, 15:13:09] - Disabling Automatic Shell Restart
[10/30/2007, 15:13:09] - Terminating Process: EXPLORER.EXE
[10/30/2007, 15:13:09] - Suspending the NT Session Manager System Service
[10/30/2007, 15:13:10] - Terminating Windows NT Logon/Logoff Manager
[10/30/2007, 15:13:10] - Re-enabling Automatic Shell Restart
[10/30/2007, 15:13:10] - File to disable: C:\WINDOWS\system32\foxszwud.dll
[10/30/2007, 15:13:10] - Renaming C:\WINDOWS\system32\foxszwud.dll -> C:\WINDOWS\system32\foxszwud.dll.vir
[10/30/2007, 15:13:10] - ! File rename was unsucessful.
[10/30/2007, 15:13:10] - Attempting to Deny Access to C:\WINDOWS\system32\foxszwud.dll
[10/30/2007, 15:13:16] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[10/30/2007, 15:13:16] - processed file: C:\WINDOWS\system32\foxszwud.dll

[10/30/2007, 15:13:16] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[10/30/2007, 15:13:16] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[10/30/2007, 15:13:16] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[10/30/2007, 15:13:16] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[10/30/2007, 15:13:17] - Deleting ATLEvents/MSEvents Registry entries
[10/30/2007, 15:13:17] - Removing HKLM\...\Winlogon\Notify\foxszwud
[10/30/2007, 15:13:17] - Searching for Browser Helper Objects:
[10/30/2007, 15:13:17] - BHO 1: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/30/2007, 15:13:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:13:17] - Checking for HKLM\...\Winlogon\Notify\btojdndo
[10/30/2007, 15:13:17] - Key not found: HKLM\...\Winlogon\Notify\btojdndo, continuing.
[10/30/2007, 15:13:17] - BHO 2: {A9B3CD2A-4ED9-4127-BD4A-01994D67A4DA} ()
[10/30/2007, 15:13:17] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:13:18] - Checking for HKLM\...\Winlogon\Notify\nnnmn
[10/30/2007, 15:13:18] - Key not found: HKLM\...\Winlogon\Notify\nnnmn, continuing.
[10/30/2007, 15:13:18] - Finished Searching Browser Helper Objects
[10/30/2007, 15:13:18] - Finishing up...
[10/30/2007, 15:13:18] - A restart is needed.
[10/30/2007, 15:13:18] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[10/30/2007, 15:14:06] - Attempting to Restart via STOP error (Blue Screen!)

[10/30/2007, 15:21:58] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Marisol Avellaneda\Desktop\VirtumundoBeGone.exe" )
[10/30/2007, 15:22:02] - Detected System Information:
[10/30/2007, 15:22:02] - Windows Version: 5.1.2600, Service Pack 2
[10/30/2007, 15:22:02] - Current Username: Marisol Avellaneda (Admin)
[10/30/2007, 15:22:02] - Windows is in SAFE mode.
[10/30/2007, 15:22:02] - Searching for Browser Helper Objects:
[10/30/2007, 15:22:02] - BHO 1: {45C2A803-2BF0-4DBA-A496-BDB2B9F0259A} ()
[10/30/2007, 15:22:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:22:02] - Checking for HKLM\...\Winlogon\Notify\nnnmn
[10/30/2007, 15:22:02] - Key not found: HKLM\...\Winlogon\Notify\nnnmn, continuing.
[10/30/2007, 15:22:02] - BHO 2: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/30/2007, 15:22:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:22:02] - Checking for HKLM\...\Winlogon\Notify\btojdndo
[10/30/2007, 15:22:02] - Key not found: HKLM\...\Winlogon\Notify\btojdndo, continuing.
[10/30/2007, 15:22:02] - BHO 3: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[10/30/2007, 15:22:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:22:02] - Checking for HKLM\...\Winlogon\Notify\foxszwud
[10/30/2007, 15:22:02] - Found: HKLM\...\Winlogon\Notify\foxszwud - This is probably Virtumundo.
[10/30/2007, 15:22:02] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[10/30/2007, 15:22:02] - BHO list has been changed! Starting over...
[10/30/2007, 15:22:02] - BHO 1: {45C2A803-2BF0-4DBA-A496-BDB2B9F0259A} ()
[10/30/2007, 15:22:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:22:03] - Checking for HKLM\...\Winlogon\Notify\nnnmn
[10/30/2007, 15:22:03] - Key not found: HKLM\...\Winlogon\Notify\nnnmn, continuing.
[10/30/2007, 15:22:03] - BHO 2: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/30/2007, 15:22:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:22:03] - Checking for HKLM\...\Winlogon\Notify\btojdndo
[10/30/2007, 15:22:03] - Key not found: HKLM\...\Winlogon\Notify\btojdndo, continuing.
[10/30/2007, 15:22:03] - BHO 3: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[10/30/2007, 15:22:03] - ALERT: Found MSEvents Object!
[10/30/2007, 15:22:03] - Finished Searching Browser Helper Objects
[10/30/2007, 15:22:03] - *** Detected MSEvents Object
[10/30/2007, 15:22:03] - Trying to remove MSEvents Object...
[10/30/2007, 15:22:04] - Terminating Process: IEXPLORE.EXE
[10/30/2007, 15:22:04] - Terminating Process: RUNDLL32.EXE
[10/30/2007, 15:22:04] - Disabling Automatic Shell Restart
[10/30/2007, 15:22:04] - Terminating Process: EXPLORER.EXE
[10/30/2007, 15:22:04] - Suspending the NT Session Manager System Service
[10/30/2007, 15:22:04] - Terminating Windows NT Logon/Logoff Manager
[10/30/2007, 15:22:05] - Re-enabling Automatic Shell Restart
[10/30/2007, 15:22:05] - File to disable: C:\WINDOWS\system32\foxszwud.dll
[10/30/2007, 15:22:05] - Renaming C:\WINDOWS\system32\foxszwud.dll -> C:\WINDOWS\system32\foxszwud.dll.vir
[10/30/2007, 15:22:05] - ! File rename was unsucessful.
[10/30/2007, 15:22:05] - Attempting to Deny Access to C:\WINDOWS\system32\foxszwud.dll
[10/30/2007, 15:22:05] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[10/30/2007, 15:22:05] - processed file: C:\WINDOWS\system32\foxszwud.dll

[10/30/2007, 15:22:05] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[10/30/2007, 15:22:05] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[10/30/2007, 15:22:05] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[10/30/2007, 15:22:05] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[10/30/2007, 15:22:05] - Deleting ATLEvents/MSEvents Registry entries
[10/30/2007, 15:22:05] - Removing HKLM\...\Winlogon\Notify\foxszwud
[10/30/2007, 15:22:05] - Searching for Browser Helper Objects:
[10/30/2007, 15:22:05] - BHO 1: {45C2A803-2BF0-4DBA-A496-BDB2B9F0259A} ()
[10/30/2007, 15:22:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:22:06] - Checking for HKLM\...\Winlogon\Notify\nnnmn
[10/30/2007, 15:22:06] - Key not found: HKLM\...\Winlogon\Notify\nnnmn, continuing.
[10/30/2007, 15:22:06] - BHO 2: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/30/2007, 15:22:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/30/2007, 15:22:06] - Checking for HKLM\...\Winlogon\Notify\btojdndo
[10/30/2007, 15:22:06] - Key not found: HKLM\...\Winlogon\Notify\btojdndo, continuing.
[10/30/2007, 15:22:06] - Finished Searching Browser Helper Objects
[10/30/2007, 15:22:06] - Finishing up...
[10/30/2007, 15:22:06] - A restart is needed.
[10/30/2007, 15:22:06] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[10/30/2007, 15:22:13] - Attempting to Restart via STOP error (Blue Screen!)
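
The check recorded in the VirtumundoBeGone log above (a BHO with no name whose DLL also has a Winlogon Notify key) can be run directly over HijackThis lines; this is an added example, not part of the original thread and not code from either tool. The sample lines are excerpted from the HijackThis log in this post, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log in post #1 (a subset, not the whole log).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\iavtebmu.dll
O2 - BHO: (no name) - {CCDAB2C1-2EBE-455A-AB92-CA12C5F3D1BA} - C:\WINDOWS\system32\nnnmn.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iavtebmu.dll
O20 - Winlogon Notify: bwhbzbxm - bwhbzbxm.dll (file missing)
O20 - Winlogon Notify: iavtebmu - C:\WINDOWS\SYSTEM32\iavtebmu.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ysqbsahk.exe (file missing)
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = " (file missing)"


def parse(log):
    """Turn 'Ox - Kind: label - target' lines into dicts; other lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)]
        # The target is the last " - " separated field; labels may contain " - ".
        label, _, target = rest.rpartition(" - ")
        # Compare by lower-cased file name: the log mixes system32 and SYSTEM32.
        module = target.rsplit("\\", 1)[-1].lower()
        entries.append({"section": section, "kind": kind, "label": label,
                        "module": module, "missing": missing})
    return entries


def correlate(entries):
    """Map each module to the set of sections that load it."""
    by_module = defaultdict(set)
    for e in entries:
        by_module[e["module"]].add(e["section"])
    return by_module


def suspicious_bhos(entries):
    """Unnamed O2 BHOs whose module is also registered under O20 Winlogon Notify.

    A module that is not returned is not cleared; it only fails this one test.
    """
    by_module = correlate(entries)
    return sorted({e["module"] for e in entries
                   if e["section"] == "O2"
                   and e["label"].startswith("(no name)")
                   and "O20" in by_module[e["module"]]})


def orphaned(entries):
    """Registry entries whose file is gone, i.e. leftovers that still need cleanup."""
    return sorted((e["section"], e["module"]) for e in entries if e["missing"])


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print("BHO + Winlogon Notify:", suspicious_bhos(parsed))
    print("Sections per module:", dict(correlate(parsed)))
    print("File missing:", orphaned(parsed))
```
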


#2 krylon800

New Member • 6 posts

Posted 05 November 2007 - 11:11 AM

Any special reason why those who posted after I did are getting help while I'm not?

#3 miekiemoes

MalwareBytes • Visiting Fellow • 514 posts

Posted 06 November 2007 - 09:37 AM

> Any special reason why those who posted after I did are getting help while I'm not?


Because you posted at several different forums and are wasting our time because of this since many helpers now answered already:

http://www.geekstogo...33-t175668.html
http://www.bleepingc...opic115113.html
http://gladiator-ant...mp;#entry187730

:(

#4 krylon800

New Member • 6 posts

Posted 06 November 2007 - 09:48 AM

miekiemoes, If you haven't noticed no one's helped me on this site. I posted here, but no one's helped me so it doesn't matter, I'll close the thread. I posted on a bunch of sites, but of all those you've listed I've only gotten help on Bleeping Computer (and she just recently shut down the thread because someone responded to me once on Gladiator). I'm not getting any help on Gladiator anymore, so that's why I'm looking elsewhere. I can't be waiting around too long for replies, I need to get my computer up and running again. I've gotten the most consistent help on Bleeping Computer. Only recently did someone reply on GeeksToGo. You've gotta shop around a little bit and see where you can find someone who's the most helpful. I'm trying to get the person who was helping me on Bleeping Computer to continue the thread because I'm closing the one on Gladiator. If you could do me a favor and lay off the PSAs, that'd be super.

#5 miekiemoes

MalwareBytes • Visiting Fellow • 514 posts

Posted 06 November 2007 - 10:05 AM

I understand that you wanted to get help asap - you started all these threads yesterday and actually already received a response in most of these threads in less than a day. Most people should wait at least 3 days for a reply, because every day there are more than 20 new logs being posted. We don't have enough helpers to deal with them all at once. Also, most helpers do have a full time job in between - so the time we spend here to help people is in our free time and for free.

#6 krylon800

New Member • 6 posts

Posted 06 November 2007 - 10:10 AM

I understand all of that, but I did not start the threads yesterday, they were started before that, the time zones got screwed up. Just bear with me here, I'm now receiving help only on GeekstoGo. Please don't screw that up, I need to get my computer fixed. Thanks.

#7 miekiemoes

MalwareBytes • Visiting Fellow • 514 posts

Posted 06 November 2007 - 03:33 PM

> You've gotta shop around a little bit and see where you can find someone who's the most helpful.

Well, this is no shop and the help you are receiving at the forums is for free. :)
It would have been nice if you mentioned in the other threads that you were already receiving help. There are several reasons why we don't like multiple posting. 1st reason is - it's confusing for the one who is helping you if other instructions were performed in between > result > the helpers can make mistakes because logs won't make sense anymore.
2nd reason - as I already said previously - there are too many logs and there are not enough helpers around to deal with them all at once. If people start multiposting, then more than 1 helper is dealing with your log, analyzing it and posting instructions. They could have helped someone else in between.
It's not fair toward other users who posted their logs as well, because of that, they'll have to wait longer. :(

> I can't be waiting around too long for replies, I need to get my computer up and running again.

I do understand this part, but everyone who posted their log here needs to get their computer up and running again asap.

So I just hope that you understand our point of view as well.

#8 krylon800

New Member • 6 posts

Posted 06 November 2007 - 04:31 PM

Of course I understand where you're all coming from. It's all better now, I've worked everything out with the concerned parties and I won't do it again. I do find it strange though that different people instruct you to do different things, use different programs and notice different faults. I just thought that a combination of a few different brains would be better than one, that's all.

#9 krylon800

New Member • 6 posts

Posted 07 November 2007 - 03:43 PM

The problem has been fixed, thanks for your help!
