Print

regedit, folderoption, task manager all gone. probablt it is effected by Virus2008, prunenet.exe, trojan vondo. CO

Sign in
Sign in to post messages.
Latest post 12/20/2008 10:24 PM by Bugbatter. 1 replies.
Back to forum | Previous | Next
 
Page 1 of 1  
Joined on 12/17/2008
Posts: 1
Points 20

regedit, folderoption, task manager all gone. probablt it is effected by Virus2008, prunenet.exe, trojan vondo. CO

17 Dec 2008 08:10AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33, on 2008-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\csrssc.exe
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
C:\WINDOWS\system32\MSIEXEC.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070705
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=5070705
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://bontrafic.org/s/in.cgi?10&key=strength+exercises+pdf
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 92.63.107.47 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 92.63.107.47 www.myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 92.63.107.47 online.lloydstsb.co.uk
O1 - Hosts: 92.63.107.47 www.online.lloydstsb.co.uk
O1 - Hosts: 92.63.107.47 online-business.lloydstsb.co.uk
O1 - Hosts: 92.63.107.47 www.online-business.lloydstsb.co.uk
O1 - Hosts: 92.63.107.47 online-offshore.lloydstsb.com
O1 - Hosts: 92.63.107.47 www.online-offshore.lloydstsb.com
O1 - Hosts: 92.63.107.47 ibank.anbusiness.com
O1 - Hosts: 92.63.107.47 www.ibank.anbusiness.com
O1 - Hosts: 92.63.107.47 abbeyinternational.com
O1 - Hosts: 92.63.107.47 www.abbeyinternational.com
O1 - Hosts: 92.63.107.47 nwolb.com
O1 - Hosts: 92.63.107.47 www.nwolb.com
O1 - Hosts: 92.63.107.47 ibank.barclays.co.uk
O1 - Hosts: 92.63.107.47 www.ibank.barclays.co.uk
O1 - Hosts: 92.63.107.47 ibank.cahoot.com
O1 - Hosts: 92.63.107.47 www.ibank.cahoot.com
O1 - Hosts: 92.63.107.47 epassporte.com
O1 - Hosts: 92.63.107.47 www.epassporte.com
O1 - Hosts: 92.63.107.47 moneybookers.com
O1 - Hosts: 92.63.107.47 www.moneybookers.com
O1 - Hosts: 92.63.107.47 home.ybonline.co.uk
O1 - Hosts: 92.63.107.47 www.home.ybonline.co.uk
O1 - Hosts: 92.63.107.47 home.cbonline.co.uk
O1 - Hosts: 92.63.107.47 www.home.cbonline.co.uk
O1 - Hosts: 92.63.107.47 secure.partyaccount.com
O1 - Hosts: 92.63.107.47 www.secure.partyaccount.com
O1 - Hosts: 78.24.217.75 mybank.alliance-leicester.co.uk
O1 - Hosts: 78.24.217.75 www.mybank.alliance-leicester.co.uk
O1 - Hosts: 78.24.217.75 mybusinessbank.co.uk
O1 - Hosts: 78.24.217.75 www.mybusinessbank.co.uk
O1 - Hosts: 78.24.217.75 mybankoffshore.alil.co.im
O1 - Hosts: 78.24.217.75 www.mybankoffshore.alil.co.im
O1 - Hosts: 78.24.217.75 ibank.internationalbanking.barclays.com
O1 - Hosts: 78.24.217.75 www.ibank.internationalbanking.barclays.com
O1 - Hosts: 78.24.217.75 welcome27.co-operativebank.co.uk
O1 - Hosts: 78.24.217.75 www.welcome27.co-operativebank.co.uk
O1 - Hosts: 78.24.217.75 welcome23.smile.co.uk
O1 - Hosts: 78.24.217.75 www.welcome23.smile.co.uk
O1 - Hosts: 78.24.217.75 halifax-online.co.uk
O1 - Hosts: 78.24.217.75 www.halifax-online.co.uk
O1 - Hosts: 78.24.217.75 bankofscotlandhalifax-online.co.uk
O1 - Hosts: 78.24.217.75 www.bankofscotlandhalifax-online.co.uk
O2 - BHO: C:\WINDOWS\system32\rsekd83jde.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\rsekd83jde.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: sudeep333 Toolbar - {68f17a93-fc78-4565-8bb4-04105d1725cc} - C:\Program Files\sudeep333\tbsud1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RRT-Auto] D:\RRT\RRT.exe auto
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Sam\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197614466859
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-en/FlashAX.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: urqQhETJ - urqQhETJ.dll (file missing)
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\rsekd83jde.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11397 bytes

 

Some one plz analyze and help me fix my comp. My regedit, folderoption, task manager all gone. :(

  • Post Points: 20

1 Replies:

Joined on 02/11/2006
Posts: 17,823
Points 74,729

Re: regedit, folderoption, task manager all gone. probablt it is effected by Virus2008, prunenet.exe, trojan vondo. CO

20 Dec 2008 10:24PM

Sorry you had to wait. The volunteer analysts listed in the announcement at the top of this forum have been having a problem posting. Until Dell fixes the new software issues, I cannot get into a long fix. I can offer a suggestion to run a couple of general scans. If that does not fix the problem, click on the link in my signature and post at SpywareHammer for a follow-up review. Include your logs from the scans along with a fresh HijackThis log.

 

Try scans with these two programs in the following order:

Please download to your desktop Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checkedPhotobucket
    Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Notes:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.
* If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use this update link here to manually download the update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "catchjunk.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the file to the infected computer. Install the "catchjunk.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.

Download and scan with Super Anti-Spyware Free for Home Users. It is available HERE:
*Double-click SUPERAntiSypware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".

 

Microsoft MVP - Consumer Security

Member of Alliance of Security Analysis Professionals

SpywareHammer

 

Free Internet Security - WOT Web of Trust

 

  • Post Points: 5
 
Page 1 of 1