| Thread ID: 99404 | 2009-04-30 15:46:00 | RUNDLL prompt | craigdele (9370) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 769834 | 2009-04-30 15:46:00 | Today I was using Windows XP and the Avast anti-virus scanner detected several viruses which I selected to be sent to the chest. On booting a RUNDLL dialog prompt appears with the message "Error loading dll32". Also Firefox and IE would not connect to the internet. Under Firefox/tools/options/advance/setting "manual proxy configuration" is selected. Changing selection to "Auto-detect proxy settings for this network" has now allowed me to connect to the internet. However my system is now slowing down. I feel I still have an infected computer. How do I remove the above error and prevent this reoccurring? regards Craig Delehanty |
craigdele (9370) | ||
| 769835 | 2009-04-30 21:54:00 | Install and run Spybot, Malware Bytes. Make sure they are up to date first. They should be updated and run a minimum of once a week. Also run Hijackthis and post the log here for Speedy to view and advise on what to remove. |
pctek (84) | ||
| 769836 | 2009-04-30 22:25:00 | Disable System Restore first. Right Click My Computer>Properties>System Restore>Tick Disable System Restore on all drives. Blam |
Blam (54) | ||
| 769837 | 2009-05-06 04:34:00 | Thanks for your reply. I installed and ran Malware Bytes and followed the requested actions. I am unable to install Spybot. It displays an error prompt "A connection with the server could not be established". Status is connecting to 127.0.0.1. My browser (Firefox) under connection settings shows there is no proxy for localhost, 127.0.0.1! After running Malware I no longer get the RUNDLL "error loading dll32" prompt but the PC is now sluggish. Below is the Hijackthis log. regards Dele

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:04 PM, on 5/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: The retnsrp - {33421C60-E929-428C-8848-7D66E6056A3A} - C:\WINDOWS\retnsrp.dll (file missing)
O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dll32] dll32
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180234063187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 7274 bytes |
craigdele (9370) | ||
| 769838 | 2009-05-06 07:42:00 |
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: The retnsrp - {33421C60-E929-428C-8848-7D66E6056A3A} - C:\WINDOWS\retnsrp.dll (file missing)
O4 - HKCU\..\Run: [dll32] dll32

Very nasty! Update MBAM and perform a full scan. Download the trial Trojan remover and select all options under utilities; your hosts file has probably been meddled with according to Spybot's error. www.simplysup.com Also perform a scan. After that you should be able to update Spybot S & D. Blam |
Blam (54) | ||
| 769839 | 2009-05-07 01:20:00 | I installed and ran the trial Trojan remover. It found the dll32 error and I accepted its prompts. But I still cannot install Spybot S & R or update the database of Malware Bytes. Both programs fail to connect to their server. How can I overcome this connection failure? Latest Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:18 PM, on 5/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: The retnsrp - {33421C60-E929-428C-8848-7D66E6056A3A} - C:\WINDOWS\retnsrp.dll (file missing)
O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180234063187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 7470 bytes |
craigdele (9370) | ||
| 769840 | 2009-05-07 01:54:00 |
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

Is there some sort of web filtering app (some internet security-type program) that is running as a local proxy? If not, that's probably your connection issue. And is this PC part of an AD domain? Seems odd to exclude .local traffic from the proxy settings if not. |
inphinity (7274) | ||
| 769841 | 2009-05-07 02:06:00 | Uninstall Windows Defender, it's hopeless.

Tick these then tick "Fix checked". Close browsers.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

I would uninstall Adobe Reader, and install something like Foxit PDF reader.
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

You can tick these if you don't use the language bar.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Then select all options under utilities, in Trojan Remover, then reboot. If something is still there, get Malwarebytes below, update it then scan (get rid of Ad-Aware). |
Speedy Gonzales (78) | ||
| 769842 | 2009-05-07 02:24:00 | Check that no infections have changed/added the proxy settings. Open Control Panel OR IE, Internet Options / Connections tab, go down to the LAN Settings button, open it and untick "Use proxy server" if it's ticked. Try updating the antispyware - if it doesn't update then run them without the updates first. |
wainuitech (129) | ||
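
An added example, not part of any post in this thread and not HijackThis's own logic: a small Python triage pass that flags the three patterns the replies above picked out of the log (BHO/toolbar registrations with no file behind them, a Run value that names neither a path nor an extension, and a ProxyServer value pointing at the local machine). The sample lines are excerpted from the log posted in this thread; the rule names and heuristics are assumptions made for illustration.

```python
import re

# Sample input: a few entries excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O3 - Toolbar: The retnsrp - {33421C60-E929-428C-8848-7D66E6056A3A} - C:\WINDOWS\retnsrp.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [dll32] dll32
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
PROXY = re.compile(r",ProxyServer = (?P<value>.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LOOPBACK = re.compile(r"(?:^|[=;/])(?:localhost|127\.\d+\.\d+\.\d+)(?::\d+)?", re.I)


def executable(cmd):
    """Return the first token of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (rule, line) pairs for entries worth a closer look.

    Rule names are hypothetical labels for this example. A hit means
    "verify this entry", not "this entry is malicious": a loopback proxy,
    for instance, is normal when a local web filter is really listening.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m["section"], m["body"]

        if section in ("O2", "O3"):
            # Registration survives but the DLL behind it is gone.
            if body.endswith(("(no file)", "(file missing)")):
                findings.append(("orphaned-browser-addon", line))
        elif section == "O4":
            run = RUN.match(body)
            if run:
                exe = executable(run["cmd"])
                # No directory and no extension, e.g. "[dll32] dll32".
                if "\\" not in exe and "." not in exe:
                    findings.append(("unqualified-run-command", line))
        elif section in ("R0", "R1"):
            proxy = PROXY.search(body)
            if proxy and LOOPBACK.search(proxy["value"]):
                findings.append(("loopback-proxy", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:26} {line}")
```
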
| 769843 | 2009-05-08 06:39:00 | Okay I am back up and running normally. A big thank you to all those who replied. Most appreciated. Yes the proxy server was ticked in IE as it was in Firefox. It did not occur to me this would prevent software updates and installations. So Malware Bytes, Spybot S&R and Hijackthis were installed and run several times. Many trojans found. I also deleted Adobe Reader, Adware and Windows Defender. I mainly use Linux and really like it. But I need to be cautious and careful when using Windows. Hopefully I have learned an important lesson on security. Here is my final Hijackthis log. Thanks again Dele

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:14 PM, on 5/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\VWDExpress.exe
C:\Program Files\Common Files\Microsoft Shared\Help 9\dexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180234063187
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
--
End of file - 7151 bytes |
craigdele (9370) | ||