Posts Tagged ‘Infected’
How Do I Fix An Infected Ws2_32.dll File?
Tuesday, November 24th, 2009
I know that it’s a trojan, Win32/Patched, and I’ve tried just about everything. There aren’t any actual fixes online, save for getting a new computer or operating system. Anyone have any ideas? RELEVANT ideas?
Help! Win32.trojan.rx Has Infected My Computer.?
Saturday, October 3rd, 2009
I have Windows XP and recently I started getting command prompt pop-ups, the computer was running slow, the internet windows started shutting down by themselves, a red “X” within a red circle appeared at the bottom right of the task bar, my task manager has been locked, my background has turned red. I ran HijackThis and this is what I got:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:30:37 PM, on 6/4/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrowser.ex…
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.E…
C:\WINDOWS\system32\services.exe
C:\WINDOWS\TEMP\7238.tmp
C:\PROGRA~1\Yahoo!\browser\ybrowser.ex…
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q38BUFE9\HiJackThis_v2…
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us7.hpwis.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us7.hpwis.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ransompoker.net
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ransompoker.net
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ransompoker.net/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.ransompoker.net
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ransompoker.net
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ransompoker.net
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.ransompoker.net
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d…
F2 – REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.ex…
O1 – Hosts: 207.68.176.250 auto.search.msn.com
O1 – Hosts: 64.12.152.18 search.netscape.com
O2 – BHO: (no name) – {00000026-8735-428D-B81F-DD098223B25F} – (no file)
O2 – BHO: Yahoo! Toolbar Helper – {02478D38-C3F9-4EFB-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d…
O2 – BHO: myBar BHO – {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} – C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {06dfedaa-6196-11d5-bfc8-00508b4a487d} – (no file)
O2 – BHO: (no name) – {13197ace-6851-45c3-a7ff-c281324d5489} – (no file)
O2 – BHO: (no name) – {2432F099-F8E2-43C9-B765-3AF002FFC6A7} – C:\WINDOWS\System32\ssqnkli.dll (file missing)
O2 – BHO: (no name) – {30000273-8230-4dd4-be4f-6889d1e74167} – (no file)
O2 – BHO: PopKill Class – {3C060EA2-E6A9-4E49-A530-D4657B8C449A} – C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 – BHO: (no name) – {3E41E00E-7FB4-4F60-9D48-9BBB354E0CDB} – C:\Program Files\WindowsUpdate\hoke.dll
O2 – BHO: (no name) – {4e1075f4-eec4-4a86-add7-cd5f52858c31} – (no file)
O2 – BHO: (no name) – {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} – (no file)
O2 – BHO: ZKBho Class – {56071E0D-C61B-11D3-B41C-00E02927A304} – C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 – BHO: (no name) – {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} – (no file)
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 – BHO: (no name) – {5dafd089-24b1-4c5e-bd42-8ca72550717b} – (no file)
O2 – BHO: (no name) – {669695bc-a811-4a9d-8cdf-ba8c795f261e} – (no file)
O2 – BHO: CFG32S – {7564B020-44E8-4c9b-A887-C6EC41AC67DA} – C:\WINDOWS\cfg32r.dll
O2 – BHO: (no name) – {845DA2D8-0D2C-4894-708D-2BC5BF67E606} – C:\Program Files\Online Services\lavufa.dll (file missing)
O2 – BHO: (no name) – {8674aea0-9d3d-11d9-99dc-00600f9a01f1} – (no file)
O2 – BHO: (no name) – {90AB0A9A-1F20-42F8-8D42-3E2004BA6F08} – C:\WINDOWS\System32\geedd.dll (file missing)
O2 – BHO: (no name) – {965a592f-8efa-4250-8630-7960230792f1} – (no file)
O2 – BHO: (no name) – {A8FB8EB3-183B-4598-924D-86F0E5E37085} – (no file)
O2 – BHO: (no name) – {B5F20503-D7E3-4190-BA70-98CFA5968607} – \
O2 – BHO: (no name) – {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} – (no file)
O2 – BHO: (no name) – {bb936323-19fa-4521-ba29-eca6a121bc78} – (no file)
O2 – BHO: (no name) – {BE307DC6-D263-446A-8DDE-97BD6252E5Af} – C:\WINDOWS\System32\whwcstsd.dll
O2 – BHO: Scaggy Insert – {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} – C:\WINDOWS\cfg32o.dll
O2 – BHO: (no name) – {ca1d1b05-9c66-11d5-a009-000103c1e50b} – (no file)
O2 – BHO: (no name) – {CD3447D4-CA39-4377-8084-30E86331D74C} – C:\WINDOWS\System32\vnixjdfb.dll
O2 – BHO: (no name) – {cf021f40-3e14-23a5-cba2-717765728274} – (no file)
O2 – BHO: (no name) – {E30E4B66-88DA-AF2F-880A-FEADAECA72E0} – C:\WINDOWS\System32\kpb.dll
O2 – BHO: SidebarAutoLaunch Class – {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} – C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 – BHO: (no name) – {fc3a74e5-f281-4f10-ae1e-733078684f3c} – (no file)
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: hp toolkit – {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} – C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 – Toolbar: &My Way Speedbar – {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} – C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 – Toolbar: OIN Search – {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} – C:\Program Files\OIN Search\OINSearch.dll
O3 – Toolbar: Search – {669695BC-A811-4A9D-8CDF-BA8C795F261C} – C:\WINDOWS\cfg32s.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d…
O4 – HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 – HKLM\..\Run: [windows auto update] msblast.exe
O4 – HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b
O4 – HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 – HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.e…
O4 – HKLM\..\Run: [runner1] C:\WINDOWS\retadpu27.exe 61A847B5BBF72810358B2B27128065E9C0843201…
O4 – HKLM\..\Run: [Salestart] “C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe”
O4 – HKLM\..\Run: [{ZN}] C:\windows\system32\dwdsregt.exe CHD003
O4 – HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 – HKLM\..\Run: [j6201839] rundll32 C:\WINDOWS\System32\j6201839.dll sook
O4 – HKLM\..\Run: [Genuine] rundll32.exe “C:\WINDOWS\System32\ffrxqgow.dll”,reals…
O4 – HKLM\..\Run: [mstsc] C:\WINDOWS\xxiuzqeu.exe
O4 – HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 – HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 – HKLM\..\Run: [clearmp] dllmvuyc.exe
O4 – HKLM\..\Run: [wescmv] C:\WINDOWS\System32\sddcss.exe
O4 – HKLM\..\Run: [passcxd] C:\WINDOWS\System32\itmanhc.exe
O4 – HKLM\..\Run: [Microsoft Windows Updater] sqvxga7met4.exe
O4 – HKLM\..\Run: [{BA-A9-97-70-ZN}] c:\windows\system32\dwdsregt.exe CHD003
O4 – HKLM\..\Run: [dmsloop] C:\WINDOWS\System32\libjgaor.exe
O4 – HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 – HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O4 – HKLM\..\Run: [CaAvTray] “C:\Program Files\Yahoo!\Antivirus\CAVTray.exe”
O4 – HKLM\..\Run: [CAVRID] “C:\Program Files\Yahoo!\Antivirus\CAVRID.exe”
O4 – HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 – HKLM\..\Run: [zcseacrt] C:\WINDOWS\System32\relccxs.exe
O4 – HKLM\..\Run: [ddivmwa] C:\WINDOWS\System32\dvcsetup.exe
O4 – HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 – HKLM\..\Run: [3293288777.exe] C:\WINDOWS\System32\3293288777.exe
O4 – HKLM\..\RunServices: [Microsoft Windows Updater] sqvxga7met4.exe
O4 – HKLM\..\RunOnce: [Pest Cleaning] “C:\Program Files\Yahoo!\YPSR\ppclean.exe” “clean” “igetnet” “2”
O4 – HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 – HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 – HKCU\..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [Cxb] C:\Documents and Settings\Owner\Application Data\?ecurity\m?dtc.exe
O4 – HKCU\..\Run: [Ribjz] C:\WINDOWS\??mbols\n?tdde.exe
O4 – HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 – HKCU\..\Run: [riwr] C:\PROGRA~1\COMMON~1\riwr\riwrm.exe
O4 – HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 – HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 – HKCU\..\Run: [Service Pack 1] C:\WINDOWS\System32\vexg6ame4.exe
O4 – HKCU\..\Run: [clearmp] dllmvuyc.exe
O4 – HKCU\..\Run: [wescmv] C:\WINDOWS\System32\sddcss.exe
O4 – HKCU\..\Run: [passcxd] C:\WINDOWS\System32\itmanhc.exe
O4 – HKCU\..\Run: [WinMedia] svchost
O4 – HKCU\..\Run: [Microsoft Windows Updater] sqvxga7met4.exe
O4 – HKCU\..\Run: [dmsloop] C:\WINDOWS\System32\libjgaor.exe
The Other Day I Got Infected With A Virus And Now I’m Getting An Iexplore.exe Error.?
Wednesday, September 30th, 2009
I got infected with a nasty virus that messed up my web browser and all I get now is an iexplore.exe error when I try to start it. The virus blocked my computer’s virus protection and also redirected my IE to other pages. I was able to clean the infection off my computer, but now I can’t get my IE to work. When I start it I get an iexplore.exe error message and then my computer wants to restart. It was like hell trying to remove that virus so if there is a program that can fix this I would prefer it. Any suggestions?
Am I Infected With The Tdsserv.sys Rootkit?!?
Monday, September 28th, 2009
i have recently installed kaspersky antivirus 8 on my windows xp. when i try to update the database, i always get the message “error connecting to update source.” while i was searching for a possible answer for my problem, i found out that there’s a new rootkit (tdsserv) that disables the updating of our anti-viruses and stuff. it has been said that it can be disabled in the device manager, but when i went there, i can’t find the said file.
as i dig more about the said rootkit, i found out some symptoms when having this pesky malware:
1. pc is working slowly
2. new desktop shortcuts have appeared or the home page has changed
3. annoying popups keep appearing on your pc
4. e-mails that you didn’t write are being sent from your mailbox
the only possible problem that i am having is that of number 3. but other than that, my pc is fine. knowing this and the fact that i can’t find any tdsserv file in my device manager, is it safe to say that i am not infected with the said rootkit?
your answer is well-appreciated. ;p
Can Anyone Help With My Infected Computer. I Have My HijackThis Log File Attached. Need To Know What To Do Next?
Sunday, September 27th, 2009
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\KService\KService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.ex…
c:\PROGRA~1\mcafee.com\agent\mctskshd.…
C:\PROGRA~1\McAfee.com\PERSON~1\MpfSer…
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.ex…
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ps2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.ex…
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTra…
C:\PROGRA~1\mcafee.com\mps\mscifapp.ex…
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.e…
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAge…
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1…
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.ex…
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis…
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.…
O2 – BHO: Yahoo! Toolbar Helper – {02478D38-C3F9-4EFB-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.…
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: McBrwHelper Class – {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} – c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 – BHO: McAfee PopupKiller – {3EC8255F-E043-4cae-8B3B-B191550C2A22} – c:\program files\mcafee.com\mps\popupkiller.dll
O2 – BHO: McAfee AntiPhishing Filter – {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} – c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – c:\program files\google\googletoolbar5.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.…
O3 – Toolbar: McAfee VirusScan – {BA52B914-B692-46c4-B683-905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar5.dll
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 – HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 – HKLM\..\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 – HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 – HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 – HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [eSnips] “C:\Program Files\eSnips\ClientGW.exe”
O4 – HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 – HKLM\..\Run: [VSOCheckTask] “C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe… /checktask
O4 – HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 – HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 – HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 – HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.ex…
O4 – HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.…
O4 – HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 – HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 – HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 – HKLM\..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [BitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1…
O4 – HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.d…
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.d…
O9 – Extra button: Sky – {08E730A4-FB02-45BD-A900-01E4AD8016F6} – http://www.skybroadband.com (file missing)
O9 – Extra button: (no name) – {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} – c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 – Extra ‘Tools’ menuitem: McAfee AntiPhishing Filter – {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} – c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 – Extra button: Real.com – {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} – C:\WINDOWS\system32\Shdocvw.dll
O9 – Extra button: Connection Help – {E2D4D26B-0180-43a4-B05F-462D6D54C789} – C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=H…
O9 – Extra ‘Tools’ menuitem: Connection Help – {E2D4D26B-0180-43a4-B05F-462D6D54C789} – C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=H…
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O11 – Options group: [INTERNATIONAL] International*
O16 – DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) – http://a1540.g.akamai.net/7/1540/52/200612…ex/qtplugin.cab
O16 – DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) – http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/…b?1155049517718
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdat…b?1157736199937
O16 – DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) – http://www.crucial.com/controls/cpcScanner.cab
O16 – DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) – http://game06.zylom.com/activex/zylomgamesplayer.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shoc…ash/swflash.cab
O16 – DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) – http://video.vividas.com/CDN1/5029_paramou…/vivid_ocx.jpeg
O18 – Protocol: livecall – {828030A1-22C1-4009-854F-8E305202313F} – C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 – Protocol: msnim – {828030A1-22C1-4009-854F-8E305202313F} – C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 – Winlogon Notify: WgaLogon – C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 – SSODL: WPDShServiceObj – {AAA288BA-9A4C-45B0-95D7-94D524869DB5} – C:\WINDOWS\system32\WPDShServiceObj.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 – Service: KService – Kontiki Inc. – C:\Program Files\KService\KService.exe
O23 – Service: McAfee WSC Integration (McDetect.exe) – McAfee, Inc – c:\program files\mcafee.com\agent\mcdetect.exe
O23 – Service: McAfee.com McShield (McShield) – McAfee Inc. – c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 – Service: McAfee Task Scheduler (McTskshd.exe) – McAfee, Inc – c:\PROGRA~1\mcafee.com\agent\mctskshd.ex…
O23 – Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) – McAfee, Inc – C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.ex…
O23 – Service: McAfee Personal Firewall Service (MpfService) – McAfee Corporation – C:\PROGRA~1\McAfee.com\PERSON~1\MpfServi…
O23 – Service: McAfee SpamKiller Server (MskService) – McAfee Inc. – C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
How Can I Delete An Infected .dll File That Loads With Winlogon.exe?
Wednesday, September 2nd, 2009
I have two BHO files (ssqRIcyX.dll and vtU1MgHA.dll) that load with winlogon.exe so when I try to delete them, it tells me that I cannot delete because the files are being used by another person or process. I have no recovery disc and for some reason I can’t use the system restore on my computer either. Any ideas on how I can delete these files?
My System File Is Infected With Neteven.dll Virus. How To Fix It?
Monday, August 24th, 2009
My System file is infected with neteven.dll virus. How to fix it?
A Vundo Virus Infected Many Of My .dll Files In My System32 Folder. How Do I Get Rid Of It?
Friday, August 21st, 2009
Do I delete all my .dll files? How does the virus affect my computer? Can I just delete all my .dll files in the system32 folder?
I Was Told I May Have A Dll File That Is Infected With A Virus. Do You Know A Free Way To Get Rid Of Them.?
Monday, August 10th, 2009
My Firefox keeps crashing and I was told by live support it may be an infected dll file but I can’t figure out how to find it or how to get rid of it. I need something that is free.