SpywareInfo Forum: Computer slowing down and now Runtime error on startup - SpywareInfo Forum


Computer slowing down and now Runtime error on startup

#1 Hippie459MN

  • Member
  • Group: Full Member
  • Posts: 8
  • Joined: 08-October 07

Posted 08 August 2009 - 09:30 PM

I used Reg Mechanics to clean up my registry as I do every so often, and after I ran it today I restarted my computer and now I get the runtime error shown below. I did go to the device manager with the dialog box still open and the process turned out to be smss.exe, but I noticed the location of the smss.exe in the HijackThis log does not look right at all. Also, over the last month or so my computer has really started slowing down a lot.

Runtime Error:
http://i25.tinypic.com/2dvoo6g.jpg

Here is my HijackThis Log:
==================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:37 PM, on 8/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\System\smss.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: autostart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SAiAdmin - TODO: <Company name> - C:\Windows\System32\SAiAdmin.exe
O23 - Service: SAiDownloaderVista - TODO: <Company name> - C:\Windows\System32\SAiDownloaderVista.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Hippie\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10403 bytes
==================================================

Any help on anything would be great. My NOD32 doesn't find anything at all.

Thank you.

Hippie459MN, you also made the same request for assistance at Bleeping Computer:
http://www.bleepingc...opic248101.html

Requesting help at multiple forums wastes the time of the Helper at one of the sites (and their time is our greatest resource), and can cause you problems when following directions from two different sources, each unaware of the other help being offered. You need to decide which site you want to continue with for assistance, and request that the topic on the other site be closed.

This post has been edited by TheJoker: 13 August 2009 - 09:53 PM
Reason for edit: Note added on duplicate help requests


#2 SWI Support Robot

  • Helper robot
  • Group: SWI Bot
  • Posts: 22,952
  • Joined: 12-July 06

Posted 11 August 2009 - 09:44 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 TheJoker

  • Forum Deity
  • Group: Global Moderator
  • Posts: 11,864
  • Joined: 21-February 05

Posted 20 August 2009 - 05:17 AM

As you have not requested that one of the requests for help be closed to prevent duplication of help as instructed, I have closed your topic.

[Reopened]

Thanks for closing the topic at BleepingComputer. http://www.bleepingc...d...t&p=1391884

This post has been edited by cnm: 20 August 2009 - 11:00 AM

Free Tools for Fighting Malware
Anti-Virus: Avira AntiVir PersonalEdition Classic / AVG Anti-Virus Free / Free avast! 4 Home Edition
OnLine Anti-Virus: BitDefender / ESET / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: Spybot S & D / MVPS HOSTS File / SpywareBlaster / HijackThis
Firewall: Sunbelt Personal Firewall / ZoneAlarm firewall / Agnitum Outpost Free
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005

#4 cnm

  • Mother Lion of SWI
  • Group: Administrators
  • Posts: 15,178
  • Joined: 15-May 04

Posted 20 August 2009 - 10:55 AM

Reopened at request of topic owner.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
Alliance of Security Analysis Professionals

#5 TheJoker

  • Forum Deity
  • Group: Global Moderator
  • Posts: 11,864
  • Joined: 21-February 05

Posted 20 August 2009 - 10:22 PM

Hi Hippie459MN

I see that you closed the other request for the same problem at Bleeping Computer. :thumbup:

I don't recommend the use of Registry Cleaners.
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners

Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Private Data).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

I see you have Viewpoint installed...
Viewpoint Manager is considered to be foistware instead of malware since it is installed without the user's approval, but doesn't spy or do anything "bad". This will change though, please read this article:
http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Reboot afterwards. <-- Important!

If you chose to uninstall Viewpoint, after rebooting, using Windows Explorer delete the following folder if still there:
C:\Program Files\Viewpoint

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • If the program won't start, go to MBAM's program folder (normally C:\Program Files\Malwarebytes' Anti-Malware), rename mbam.exe to a random file name (keep the .exe extension) and double-click on it to start the program.

  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Press Control-Alt-Del to enter the Task Manager.
Click on the Processes tab and end the following process:
C:\Program Files\Common Files\System\smss.exe
Exit the Task Manager when finished.

Using Windows Explorer, delete the following file:
C:\Program Files\Common Files\System\smss.exe

In Internet Explorer, please run the BitDefender online scan at BitDefender.com
You will need to allow an ActiveX control to install for the scan to run.
Leave the scanning options at default and press "click here to scan"
When finished scanning, click on "click here to export the scan report"
Save it to your desktop, at "file name" type in "bdscan" then click save.
Please post the log in your next reply.

Do you know what program these entries are related to?
O23 - Service: SAiAdmin - TODO: <Company name> - C:\Windows\System32\SAiAdmin.exe
O23 - Service: SAiDownloaderVista - TODO: <Company name> - C:\Windows\System32\SAiDownloaderVista.exe


Please post a new HijackThis log, the log from MBAM, the log from BitDefender's online scan, and note any errors encountered.
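A defender-side check for the pattern TheJoker is acting on above (a core Windows process name such as smss.exe running from outside %SystemRoot%\System32) together with the O23 service entries he asked about, written as an added example; it is not code from this forum or from HijackThis. It parses the "Running processes" and O23 sections of a HijackThis log; the sample log is constructed from lines in this thread, and the list of core process names and the expected system directory are assumptions.

```python
import re
from pathlib import PureWindowsPath

# ASSUMPTION: these Windows core process names legitimately run only from
# %SystemRoot%\System32. The same file name anywhere else (the thread's
# C:\Program Files\Common Files\System\smss.exe) is a masquerading indicator.
CORE_PROCESSES = {
    "smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "svchost.exe", "lsm.exe",
}
# ASSUMPTION: 32-bit Vista layout, as in the thread's logs.
SYSTEM_DIRS = [PureWindowsPath(r"C:\Windows\System32")]

# HijackThis O23 line: "O23 - Service: <name> - <publisher> - <path>"
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths = []
    in_section = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not stripped:  # the section ends at the first blank line
                break
            paths.append(stripped)
    return paths


def suspicious_core_processes(log_text, system_dirs=SYSTEM_DIRS):
    """Core process names that are running from outside the system directory.

    PureWindowsPath compares case-insensitively, so 'system32' == 'System32'.
    """
    hits = []
    for raw in running_processes(log_text):
        path = PureWindowsPath(raw)
        if path.name.lower() not in CORE_PROCESSES:
            continue
        if not any(path.parent == d for d in system_dirs):
            hits.append(raw)
    return hits


def suspicious_services(log_text):
    """Return (service name, [reasons]) for O23 entries worth a closer look."""
    hits = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        name, owner, path = m.group("name", "owner", "path")
        reasons = []
        if owner.lower() == "unknown owner":
            reasons.append("no publisher recorded")
        if owner.startswith("TODO:"):
            reasons.append("placeholder publisher string left by the installer")
        if path.endswith("(file missing)"):
            reasons.append("service binary missing on disk")
        low = path.lower()
        if "\\temp\\" in low or "\\appdata\\" in low:
            reasons.append("service binary under a user profile or temp directory")
        if reasons:
            hits.append((name, reasons))
    return hits


# Constructed sample: a handful of lines taken from the first log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista SP1 (WinNT 6.00.1905)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\System\smss.exe
C:\Windows\system32\SearchFilterHost.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: SAiAdmin - TODO: <Company name> - C:\Windows\System32\SAiAdmin.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Hippie\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
"""

if __name__ == "__main__":
    for proc in suspicious_core_processes(SAMPLE_LOG):
        print("core process name outside System32:", proc)
    for name, reasons in suspicious_services(SAMPLE_LOG):
        print("service", name + ":", "; ".join(reasons))
```

A flagged process is only a lead, not a verdict: confirm the file's publisher signature and hash before ending it and deleting it, as the helper's steps above do by hand.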

#6 Hippie459MN

  • Member
  • Group: Full Member
  • Posts: 8
  • Joined: 08-October 07

Posted 25 August 2009 - 10:18 PM

Just letting you know I am still here. Been super busy with work and haven't had a chance to even turn that computer on really. I will work on this tomorrow for sure though. Thank you again for your help. :)

#7 jedi

  • Amare et sapere vix deo conceditur
  • Group: Administrators
  • Posts: 14,355
  • Joined: 16-June 04

Posted 29 August 2009 - 12:02 PM

TheJoker is away for a few days, I will be keeping an eye on this topic.

jedi
Member of ASAP since 2005


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#8 TheJoker

  • Forum Deity
  • Group: Global Moderator
  • Posts: 11,864
  • Joined: 21-February 05

Posted 06 September 2009 - 12:55 PM

I'm back.

Have you had a chance to make any progress on the previous instructions?

#9 Hippie459MN

  • Member
  • Group: Full Member
  • Posts: 8
  • Joined: 08-October 07

Posted 06 September 2009 - 01:03 PM

Sorry, Been busy working out of town but should be back at this today or tomorrow sometime. :)

#10 Hippie459MN

  • Member
  • Group: Full Member
  • Posts: 8
  • Joined: 08-October 07

Posted 15 September 2009 - 08:09 PM

TheJoker, on Aug 20 2009, 10:22 PM, said:

Do you know what program these entries are related to?
O23 - Service: SAiAdmin - TODO: <Company name> - C:\Windows\System32\SAiAdmin.exe
O23 - Service: SAiDownloaderVista - TODO: <Company name> - C:\Windows\System32\SAiDownloaderVista.exe


Please post a new HijackThis log, the log from MBAM, the log from BitDefender's online scan, and note any errors encountered.


Sorry it took so long. Been super busy with work and, having a newborn now (5 weeks old today), it's tough to find any free time.

As for the two entries I am not sure, but I think they have to do with Flexi 8 (vinyl sign printing software) that I had installed at one time, as it's from SAi International (http://www.saintl.biz/index.asp). I don't think it ever fully uninstalled as it had troubles right from the start, so I changed to different software for my vinyl cutter.

I have done all of the above except the BitDefender scan. I will be doing that tonight and will post it as soon as it's done.

I have also upgraded my Vista to SP2 since my initial post.

HijackThis Log
==========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:57 PM, on 9/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SAiAdmin - TODO: <Company name> - C:\Windows\System32\SAiAdmin.exe
O23 - Service: SAiDownloaderVista - TODO: <Company name> - C:\Windows\System32\SAiDownloaderVista.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Hippie\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 10259 bytes


MalwareBytes Log (Most current log)
========================
Malwarebytes' Anti-Malware 1.40
Database version: 2721
Windows 6.0.6002 Service Pack 2

9/15/2009 5:06:34 PM
mbam-log-2009-09-15 (17-06-34).txt

Scan type: Quick Scan
Objects scanned: 91103
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MalwareBytes Log (Initial log doing full scan)
=============================
Malwarebytes' Anti-Malware 1.40
Database version: 2670
Windows 6.0.6001 Service Pack 1

8/21/2009 2:16:33 PM
mbam-log-2009-08-21 (14-15-58).txt

Scan type: Full Scan (C:\|)
Objects scanned: 592672
Time elapsed: 3 hour(s), 30 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 53

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\bazisomi\bazisomi.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\bikubuyu\bikubuyu.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\daleseso\daleseso.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\deboyeyu\deboyeyu.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\lilozozi\lilozozi.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\lowupasa\lowupasa.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\munurame\munurame.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\nufekaro\nufekaro.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\nuwolili\nuwolili.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\pajoyoza\pajoyoza.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\pepisavu\pepisavu.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\rerawayu\rerawayu.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\rumabajo\rumabajo.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\sefijira\sefijira.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\subarako\subarako.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\tihatulu\tihatulu.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\tolufobi\tolufobi.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\varabefa\varabefa.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\vigakimo\vigakimo.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\vubodela\vubodela.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\yidofele\yidofele.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\yogogiti\yogogiti.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\zatusilo\zatusilo.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\zezurula\zezurula.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\zubibana\zubibana.dll (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\CryptLoad_1.1.0\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVUCAOD4\logo[1].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVUCAOD4\logo[2].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVUCAOD4\logo[3].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVUCAOD4\logo[4].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E2H15AJ5\logo[1].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E2H15AJ5\logo[2].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[2].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[3].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[4].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[5].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[6].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[7].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[8].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[9].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[10].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LZ78XV21\logo[1].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[10].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[11].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[1].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[2].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[3].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[4].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[5].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[6].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[7].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[8].htm (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQDAAJU4\logo[9].htm (Trojan.Vundo) -> No action taken.
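The two logs above are the raw material a helper triages by eye. The script below is an added example (not code from this thread, from HijackThis or from Malwarebytes) that does the same mechanically: it rejoins HijackThis entries that Notepad's Word Wrap has split across lines, flags O23 service entries that deserve a second look (missing binary, path under a Temp folder, no credible vendor string), and summarises the Malwarebytes "Files Infected" section, counting how many detections were left with "No action taken" and which paths fit the paired random-name DLL pattern seen in the full scan. The sample inputs are constructed from lines in the posted logs; the regular expressions and the triage rules are this example's own assumptions, not anything either tool defines.

```python
"""Triage helpers for the two log types posted in this thread: HijackThis
O23 (service) entries and Malwarebytes 'Files Infected' lines.
Added example; not code from the forum, HijackThis or Malwarebytes.
The samples are constructed from lines in the thread's own logs, including
the Word Wrap breaks the moderator points out."""
import re
from collections import Counter

# HijackThis entry tags look like 'O23 - ', 'R1 - ', 'F2 - ' (assumed shape).
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# Malwarebytes detection line: <path> (<threat>) -> <action>   (assumed shape)
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# Pattern observed in this thread's full scan: C:\ProgramData\<8 letters>\<same 8 letters>.dll
PAIRED_DLL_RE = re.compile(r"^C:\\ProgramData\\([a-z]{8})\\\1\.dll$", re.I)

# Constructed sample, wrapped the way Notepad's Word Wrap breaks long lines
# (each continuation is separated from its entry by a blank line).
WRAPPED_HJT = r"""
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart

Security\ekrn.exe
O23 - Service: SAiAdmin - TODO: <Company name> - C:\Windows\System32\SAiAdmin.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Hippie\AppData\Local\Temp\DX9

\SessionLauncher.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-

9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
"""

# Constructed sample taken from the 'Files Infected' section of the full scan.
MBAM_SAMPLE = r"""
C:\ProgramData\bazisomi\bazisomi.dll (Trojan.Vundo) -> No action taken.
C:\ProgramData\zubibana\zubibana.dll (Trojan.Vundo) -> No action taken.
C:\Users\Hippie\CryptLoad_1.1.0\router\FRITZ!Box\nc.exe (PuP.Keylogger) -> No action taken.
C:\Users\Hippie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DVUCAOD4\logo[1].htm (Trojan.Vundo) -> No action taken.
"""


def unwrap_hjt(text):
    """Rejoin entries that a word-wrapping editor split across lines.
    A line that does not start with an entry tag is a continuation of the
    previous entry. A continuation that begins with a backslash, or that
    follows a hyphen glued to the previous token (a split GUID), is joined
    without a space; anything else is joined with one."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_RE.match(line) or not entries:
            entries.append(line)
            continue
        prev = entries[-1]
        glue = line.startswith("\\") or (prev.endswith("-") and not prev.endswith(" -"))
        entries[-1] = prev + ("" if glue else " ") + line
    return entries


def triage_services(entries):
    """Return [(service name, [reasons])] for O23 entries worth a closer look.
    These are weak signals for a human to follow up, not verdicts: an
    uninstalled program also leaves '(file missing)' behind, and a
    'TODO: <Company name>' vendor is just an unfilled Visual Studio template."""
    findings = []
    for entry in entries:
        m = O23_RE.match(entry)
        if not m:
            continue
        name, vendor, path = m.group("name", "vendor", "path")
        reasons = []
        if "(file missing)" in path:
            reasons.append("binary missing")
        if re.search(r"\\(Temp|Temporary Internet Files)\\", path, re.I):
            reasons.append("runs from a temp folder")
        v = vendor.lower()
        if v.startswith("unknown") or "todo" in v or "<company name>" in v:
            reasons.append("no credible vendor string")
        if reasons:
            findings.append((name, reasons))
    return findings


def summarize_mbam(text):
    """Count detections per threat label, count how many were left untreated
    ('No action taken' means the scan only reported and removed nothing), and
    list the paths matching the paired random-name DLL pattern from this log."""
    counts, untreated, paired = Counter(), 0, []
    for raw in text.splitlines():
        m = MBAM_RE.match(raw.strip())
        if not m:
            continue
        counts[m["threat"]] += 1
        if m["action"].startswith("No action taken"):
            untreated += 1
        if PAIRED_DLL_RE.match(m["path"]):
            paired.append(m["path"])
    return counts, untreated, paired


if __name__ == "__main__":
    for name, reasons in triage_services(unwrap_hjt(WRAPPED_HJT)):
        print(f"check service {name!r}: {', '.join(reasons)}")
    counts, untreated, paired = summarize_mbam(MBAM_SAMPLE)
    print(dict(counts), f"{untreated} detections not removed", paired)
```

Run as-is it reports the SessionLauncher service on all three signals and SAiAdmin on the vendor string only, and for the Malwarebytes sample it shows that every detection was left in place, which is the first thing to notice about the full-scan log above: a "No action taken" line means the file was found, not removed.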

#11 TheJoker
  • Group: Global Moderator
  • Posts: 11,864
  • Joined: 21-February 05

Posted 16 September 2009 - 04:59 AM

Quote:
> I have also upgraded my Vista to SP2 since my initial post.

In general, that should not be done on an infected system as it can sometimes create problems. Too late now. Making changes (and installing a Service Pack is a large change) also makes it more difficult to track errors as you introduce a very large change in the middle of troubleshooting.

When you post your HijackThis log, if you are using Notepad, please turn off Word Wrap. That is probably what caused all the extra line breaks in your log.

After you finish the BitDefender log, please do this:

Download ComboFix© by sUBs from one of these locations:

http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Familiarize yourself with ComboFix before running it:
http://www.bleepingc...to-use-combofix

  • Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware. When finished, it will save a log.
Please include the contents of the log at C:\ComboFix.txt in your next reply.

Please post a new HijackThis log, the log from BitDefender's online scan, and in a second reply (due to length) the log from ComboFix (combofix.txt), and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: Avira AntiVir PersonalEdition Classic / AVG Anti-Virus Free / Free avast! 4 Home Edition
OnLine Anti-Virus: BitDefender / ESET / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: Spybot S & D / MVPS HOSTS File / SpywareBlaster / HijackThis
Firewall: Sunbelt Personal Firewall / ZoneAlarm firewall / Agnitum Outpost Free
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005

#12 Hippie459MN
  • Group: Full Member
  • Posts: 8
  • Joined: 08-October 07

Posted 16 October 2009 - 11:03 AM

Go ahead and lock this. I got most of my issues figured out enough to get me by a little while, then I am going to be upgrading to Windows 7 on a brand new drive next week. Thank you for all the help though. It fixed most of my issues. :D

This post has been edited by Hippie459MN: 16 October 2009 - 11:04 AM


#13 TheJoker
  • Group: Global Moderator
  • Posts: 11,864
  • Joined: 21-February 05

Posted 16 October 2009 - 05:25 PM

I'm glad you got most of it worked out.

If you ran ComboFix:
Go to Start > Run and copy and paste the next command in the field:
ComboFix /u

Make sure there's a space between ComboFix and /
Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

When you install Windows 7 on the new drive, if you still have the other drive installed and have difficulty installing it, try disabling the secondary drive temporarily by disconnecting either its power or data cable, or by disabling it in your system BIOS. I've had two completely different systems that had problems with the installation, and both systems' issues were solved by temporarily disabling the second hard drive.

#14 TheJoker
  • Group: Global Moderator
  • Posts: 11,864
  • Joined: 21-February 05

Posted 01 November 2009 - 02:08 PM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.