| Thread ID: 75271 | 2006-12-23 01:48:00 | win32.exe | parapa05 (11651) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 508861 | 2006-12-23 01:48:00 | I have this trojan, I guess it is a trojan. The problem I'm having is that even though I have restored my computer, this is still coming. Also, my antivirus is detecting: BKDR VB.KL. Can someone please help? | parapa05 (11651) | ||
| 508862 | 2006-12-23 02:09:00 | Get Hijackthis (www.merijn.org) and unzip it, then run it. Then click on scan and save a log. And copy and paste the log here. I would also disable system restore for now, and try it in safe mode, if it won't go away in normal mode. Or get Spybot (www.spybot.info) and the detection updates, install both (Spybot first), then run it and do a scan. Remove anything that it picks up. |
Speedy Gonzales (78) | ||
| 508863 | 2006-12-23 02:32:00 | WOW first thank you you are the first one trying to help me. Please keep in mind I'm not good with computers, but I can try hard to follow instructions. here is the log: Logfile of HijackThis v1.99.1 Scan saved at 10:21:29 PM, on 12/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\HP_Owner\Local Settings\Temp\wzbf51\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ie.redirect.hp.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ie.redirect.hp.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.aliant.net R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ie.redirect.hp.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.trendmicro.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing) O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] 
C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Pavilion\XPHWWBF4Duet\plugin\ bin\PCHButton.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe O4 - Startup: MSWINSCK.OCX O4 - Startup: PowerReg Scheduler V3.exe O4 - Startup: SYSINFO.OCX O4 - Startup: Win32.dll O4 - Startup: Windows SN sk.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ca\bin\WindowsSearch.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - 
C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{59BAA84A-8D80-4AEA-8B99-8EAFA9D1660F}: NameServer = 198.164.30.62 198.164.4.62 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe |
parapa05 (11651) | ||
| 508864 | 2006-12-23 02:35:00 | I have just grabbed the link of HiJack this for future reference. :) Edit: parapa05 Mozilla 2.0 kills Internet Exploder. |
winmacguy (3367) | ||
| 508865 | 2006-12-23 02:47:00 | Hello, I just read your reply, and sorry I'm not good at computers, what do you mean? |
parapa05 (11651) | ||
| 508866 | 2006-12-23 02:54:00 | Run HJT again, tick these entries and tick fix checked. O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe - Uninstall this version. The update is here (sdlc4a.sun.com AC14A074931) The 1st download. O4 - Startup: Win32.dll <-- Delete this file in safe mode. O4 - Startup: Windows SN sk.exe <- Delete this file in safe mode. O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Startup: MSWINSCK.OCX O4 - Startup: SYSINFO.OCX |
Speedy Gonzales (78) | ||
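
Several of the entries ticked in the reply above are files sitting directly in the Startup folder rather than `.lnk` shortcuts. The sketch below is an added example, not part of the thread and not HijackThis's own logic: it splits a flattened HijackThis log back into entries and lists such files for review. The function names and the "bare file in Startup" triage rule are assumptions made here, not the poster's stated reasoning, and the output is a review list, not a verdict.

```python
import re

# Constructed sample: entries copied from the HijackThis log posted in this
# thread, run together on one line the way the forum rendered them.
SAMPLE = " ".join([
    r"O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe",
    r"O4 - Startup: MSWINSCK.OCX",
    r"O4 - Startup: PowerReg Scheduler V3.exe",
    r"O4 - Startup: SYSINFO.OCX",
    r"O4 - Startup: Win32.dll",
    r"O4 - Startup: Windows SN sk.exe",
    r"O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE",
    r"O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll",
])

# An entry starts with a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_START = re.compile(r"\s+(?=(?:[RFN]\d|O\d{1,2}) - )")
STARTUP = re.compile(r"^O4 - (Global Startup|Startup): (.+)$")

def split_entries(flat_log):
    """Recover one entry per item from a log flattened onto one line."""
    return [e.strip() for e in ENTRY_START.split(flat_log.strip()) if e.strip()]

def bare_startup_files(entries):
    """Return Startup-folder items that are files, not '.lnk = target' shortcuts."""
    found = []
    for entry in entries:
        m = STARTUP.match(entry)
        if not m:
            continue  # not a Startup-folder entry (e.g. a Run key or service)
        scope, item = m.groups()
        name, sep, _target = item.partition(" = ")
        if not (sep and name.lower().endswith(".lnk")):
            found.append((scope, name))  # assumed rule: bare file, review it
    return found

if __name__ == "__main__":
    for scope, name in bare_startup_files(split_entries(SAMPLE)):
        print(f"review: {scope} folder contains {name}")
```
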
| 508867 | 2006-12-23 02:55:00 | Hello, I just read your reply, and sorry I'm not good at computers, what do you mean? Forget what Winmac said. |
Speedy Gonzales (78) | ||
| 508868 | 2006-12-23 03:24:00 | Thank you, Just a couple of questions: 1 - the first download: O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe - Uninstall this version. The update is here, do I need to delete this in safe mode too? and what file do I download? 2 - The other items: all in safe mode and I just run HJT and select them click "fixed checked"? Sorry to take advantage of your time, this is very appreciated. |
parapa05 (11651) | ||
| 508869 | 2006-12-23 03:37:00 | Thank you, Just a couple of questions: 1 - the first download: O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe - Uninstall this version. The update is here, do I need to delete this in safe mode too? and what file do I download? You download the first file on the link I posted. The 12mb one. The above entry isn't nasty, so it can be ticked either in safe mode, or normal Windows. 2 - The other items: all in safe mode and I just run HJT and select them click "fixed checked"? Sorry to take advantage of your time, this is very appreciated. That's right, tick fix checked for the other entries in safe mode, and search for Win32.dll and Windows SN sk.exe. And delete them in safe mode. |
Speedy Gonzales (78) | ||
| 508870 | 2006-12-23 05:26:00 | This is great!!! Thank you very much, just one more thing and promise to leave you alone to help others, the link to the file to download, I really don't know which file that is, it gives me different categories. Please help me one more time. Thank you;) |
parapa05 (11651) | ||