| Thread ID: 91108 | 2008-06-26 16:24:00 | rundll.exe, userinit.exe explorer.exe won't start? | WarZari (13900) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 682737 | 2008-06-26 16:24:00 | i get a pop up and it says Microsoft C++ Explorer.exe Buffer overrun this program must be terminatet or something like that. i get an error when i start windows too with the rundll, userinit, explorer.exe and it did'nt start as normal ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:40:14, on 26-06-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal maybe someone know a bit more than i do :)? |
WarZari (13900) | ||
| 682738 | 2008-06-26 21:08:00 | You've got worms, and a Vundo infection.
Tick these, then tick fix checked.
Disable system restore.
Uninstall all versions of Java, yours is out of date. Link is in my sig.
Close browsers.
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [{6E-E6-63-3E-DW}] C:\windows\system32\jnwnw64s.exe DWram
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\WarZari\lsass.exe (this may be a mass mailing worm). DON'T use email till you fix this log. Or follow this (www.symantec.com: .symantec.com/security_response/writeup.jsp?docid=2005-042116-5517-99&tabid=3)
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntokdm.exe DWram
O4 - HKLM\..\Run: [{80ae3b6e-eb09-17e8-910f-10fbebc1724a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f749d05e-cc20-bdfb-0957-b654ddb08e64}.dll" DllStart
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092C BD44BD8689220221DD3257
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM57c5d50d] Rundll32.exe "C:\WINDOWS\system32\shrarjhw.dll",s
O4 - HKLM\..\Run: [54f6e691] rundll32.exe "C:\WINDOWS\system32\qaosrgxi.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: nlkpfije.dll
Get Trojan Remover in my sig after, install it, update it, then click on scan. Then select all options under the utilities menu. Then open My Computer. Highlight C / properties, then scan with Trojan Remover.
Then get a better AV program / firewall.
Then update Windows |
Speedy Gonzales (78) | ||
| 682739 | 2008-06-27 14:15:00 | Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:18:14, on 27-06-2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Does i look beter now? :) i've done all the things you said |
WarZari (13900) | ||
| 682740 | 2008-06-27 14:23:00 | Ain't BullGuard good as a firewall program? | WarZari (13900) | ||
| 682741 | 2008-06-27 19:09:00 | I've never used Bullguard myself. You can keep it if you want, but if you want better protection Comodo (in my sig) may be a better choice. It'll probably pop up a lot more tho, asking you to allow whatever. Log looks better / clean to me now, :thumbs: Is it still crashing??? I would also get a virus scanner. If Bullguard doesn't include one, Avast Home is free (avast.com: .com/eng/avast_4_home.html). Then go here (avast.com: .com/eng/home-registration.php) to extend the registration. Fill in the form and it'll send you a key. After you install Avast, reboot, right mouse on the a in the taskbar / about. Click on licence key. Copy and paste the key you get by email here. |
Speedy Gonzales (78) | ||
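
The before/after comparison this thread does by eye, as an added example that is not part of the original posts: it parses HijackThis result lines, applies two simple checks (a Windows core process name started from outside `system32`, and a non-empty `AppInit_DLLs` value), and lists which entries disappeared between two scans. The function names are hypothetical, the Windows directory is assumed to be `C:\WINDOWS`, and the two checks catch only some of the entries listed in the reply; the diff shows the rest.

```python
import ntpath
import re

# Constructed sample input in HijackThis result-line format. The flagged lines
# are ones quoted in the thread; the rest stand in for ordinary entries.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\WarZari\lsass.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntokdm.exe DWram
O4 - HKLM\..\Run: [BM57c5d50d] Rundll32.exe "C:\WINDOWS\system32\shrarjhw.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: nlkpfije.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A result line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe (paths may contain spaces).
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

# Assumption: Windows is installed in C:\WINDOWS.
SYSTEM_DIR = r"c:\windows\system32"
# Core processes that normally run only from the system directory.
CORE_PROCESSES = {"lsass.exe", "svchost.exe", "winlogon.exe",
                  "services.exe", "smss.exe", "csrss.exe"}


def parse_entries(log_text):
    """Return result lines as (section, body) tuples, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def flag(entries):
    """Return (reason, body) pairs for entries that deserve a closer look."""
    findings = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            if body.split(":", 1)[1].strip():
                findings.append(("appinit-dlls-set", body))
        elif section == "O4":
            match = EXE_RE.search(body)
            if not match:
                continue
            path = match.group(1)
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in CORE_PROCESSES and folder != SYSTEM_DIR:
                findings.append(("core-process-outside-system32", body))
    return findings


def removed(before, after):
    """Entries present in the first scan and absent from the second."""
    after_set = set(after)
    return [entry for entry in before if entry not in after_set]


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)
    for reason, body in flag(before):
        print("before:", reason, "|", body)
    print("still flagged after cleanup:", len(flag(after)))
    for section, body in removed(before, after):
        print("removed:", section, "-", body)
```
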