#3 (permalink)

banned
Join Date: Apr 2006
Posts: 21,091
That could be from being quarantined by a program. Once you know the location of a quarantined file you can manually delete that easily enough. The idea of booting up into safe mode is for loading only the bare essentials needed for the Windows desktop and essentials. Nothing else loads at this time, including software or drivers for programs and hardware. This allows manual removal of various things, including malware, in order to repair the current installation.
The problem with seeing the virus return is that only startup values in the system registry were removed while the virus and the infected files still remain. Log files only show the entries and do not clean "bugs" off of the drive itself. This is why the initial advice for attempting a manual removal when booted into safe mode was given. But it seems like you need a "House Call" by Trend Micro's own free online system doctor. http://housecall.trendmicro.com/

#4 (permalink)

Silver Member
Join Date: Dec 2006
Posts: 105
Hello,
Can you please give me step by step instructions for a computer noobie please? I believe the virus is gone, but I keep getting more virus notifications saying some were deleted, like a weird virus name from Vundo. Also, when I go to Trend Micro I start the scan but nothing happens; it looks like it just loads the page... nothing happens. Thank you.

#5 (permalink)

banned
Join Date: Apr 2006
Posts: 21,091
I remember having a problem getting the scan to work when I first tried it, and downloaded the 30-day trial version. This will include an antivirus program that will require removing any other already installed, including AVG. But it also contains a personal firewall as well as adware/spyware removers. With it installed already you shouldn't have a problem with the House Call scanner. If you can post another HT log that will help a little.

#6 (permalink)

Silver Member
Join Date: Dec 2006
Posts: 105
I went and deleted a lot of "nasty" stuff running several different spyware/adware programs, and uninstalled a lot of unwanted programs and rewrote the startup programs (which ones will start running on startup). It was at 12% free RAM when I got done booting up my computer.
How do I get the 30 day thing? I can't even get anything to work on that site, I even disabled my firewall.

Here is the new hijack file view:

Logfile of HijackThis v1.99.1
Scan saved at 10:31:24 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XP Tools\xptools.exe
C:\Program Files\XP Tools\xptools.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Zach\Local Settings\Temp\wz1693\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [BirdCreativeDebugPhone] "C:\Documents and Settings\All Users\Application Data\aceintrabirdcreative\deletemeet.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\inndwjbx.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000229 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe

Again, thank you.

#7 (permalink)

banned
Join Date: Apr 2006
Posts: 21,091
Once you reach the site, like with any other software, you go to the Products + Services tab to look over their list of antivirus and other products and click on the trial version link for the new Trend Micro Antivirus plus Antispyware 2007 - Vista Certified to get to http://www.trendmicro.com/en/product...uate/trial.htm

You still have a few things to deal with seen in this log.

C:\WINDOWS\system32\svchosts.exe

You should fix it and try to delete it manually. "Backdoor.SdBot" This one is seen twice in the log and has to go.

"C:\WINDOWS\lsass.exe" and
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000229 (file missing)

The next two are optional since they are inactive but not malware.
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

But get rid of that Webroot Spy Sweeper crap. That does more to invite adware and the like than remove any. When going to install the evaluation copy of Trend Micro's new version it will automatically require the removal of any existing antivirus tools you have installed now and then proceed to restart the system in order to complete the installation. I thought you would want to know this first off. If you don't eventually go with the full version, uninstall it and go for something else like AVG. Symantec will have to go as well since this will require removing that as well.
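The two entries singled out above (svchosts.exe and lsass.exe living outside system32) are exactly the pattern a reviewer scans a HijackThis log for: a core Windows process name in the wrong directory, a one-character lookalike of one, or an O23 service with an unknown owner. The script below is an added example, not from this thread or from HijackThis; the table of core processes and their expected directories is an assumption for Windows XP, and the sample lines are constructed from the log posted above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines modelled on the log posted above (not the full log).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\inndwjbx.dll",setvm
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000229 (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Assumed table: core Windows XP processes and the directory each must live in.
CORE_PROCESSES = {name: r"c:\windows\system32" for name in
                  ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe")}
CORE_PROCESSES["explorer.exe"] = r"c:\windows"
# Any drive-letter path ending in .exe or .dll on a log line.
PATH_RE = re.compile(r'[a-z]:\\[^"<>|\r\n]*?\.(?:exe|dll)\b', re.IGNORECASE)

def edit_distance(a, b):
    """Plain Levenshtein distance; a distance of 1 catches svchosts.exe vs svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_path(path):
    """Flag a core process outside its home directory, or a one-character lookalike name."""
    p = PureWindowsPath(path.lower())
    if p.name in CORE_PROCESSES:
        if str(p.parent) != CORE_PROCESSES[p.name]:
            return [f"core process outside {CORE_PROCESSES[p.name]}: {path}"]
        return []
    return [f"lookalike of {c}: {path}" for c in CORE_PROCESSES if edit_distance(p.name, c) == 1]

def triage(log):
    """Return findings for each running-process, O4 and O23 line of a HijackThis log."""
    findings = []
    for line in filter(None, map(str.strip, log.splitlines())):
        for path in PATH_RE.findall(line):
            findings.extend(check_path(path))
        if line.startswith("O23") and "Unknown owner" in line:
            findings.append(f"service with unknown owner: {line}")
    return findings
```

A benign process path such as the real C:\WINDOWS\system32\lsass.exe produces no finding; only the misplaced copy and the lookalike service binary are reported, so the output is short enough to act on.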

#9 (permalink)

Digaredd
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
Where the hell do you get your information? Spysweeper is one of, if not the, best programs out there. You make a big deal about your beloved Spyware Terminator having an award from PC World; Spysweeper has got a hatful of them, along with many other awards. Please back up what you say, or don't post!
__________________
Son of Glyndwr. The old land of my fathers is dear to me.

#10 (permalink)

banned
Join Date: Apr 2006
Posts: 21,091
Quote:
http://img85.imageshack.us/img85/816...abilityra9.jpg at http://www.derkeiler.com/Mailing-Lis...4-12/0018.html
"Webroot Software Spy Sweeper Enterprise Local Privilege Escalation Vulnerability. Spy Sweeper Enterprise is reported prone to a local privilege escalation vulnerability. This vulnerability arises due to a design error causing the software to launch a help application with SYSTEM privileges. Spy Sweeper Enterprise 1.5.1 is reported vulnerable to this issue, however, it is possible that other versions are affected as well" http://www.securityfocus.com/bid/12065/discuss
http://img354.imageshack.us/img354/9...nerablecr5.jpg at http://www.securiteam.com/windowsntf...P00O0AC0Q.html
Those are just a few.