Help plz....Safe mode only boot that works


Ewok2040 (Junior Member with 26 posts, thread starter; Join Date: Feb 2007; Experience: Intermediate)
26-Feb-2007, 02:07 AM #1
Help plz....Safe mode only boot that works
Logfile of HijackThis v1.99.1
Scan saved at 12:54:19 AM, on 2/26/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Deviltoes\Desktop\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\Windows\system32\opnnmlk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\Windows\system32\brjtnfgc.dll (file missing)
O2 - BHO: (no name) - {E9D8E652-0DAB-4637-BE8E-E14438E76390} - C:\Windows\system32\efeee.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Winsystem] C:\Windows\system32\winsystem16.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\RunServices: [Winsystem] C:\Windows\system32\winsystem16.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\efeee.dll,CreateProtectProc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.adobe.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{45BE4A00-14D4-4410-A8B4-B07D60936120}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxxxvt - C:\Windows\SYSTEM32\cbxxxvt.dll
O20 - Winlogon Notify: efcaxvw - C:\Windows\SYSTEM32\efcaxvw.dll
O20 - Winlogon Notify: efccyvu - C:\Windows\SYSTEM32\efccyvu.dll
O20 - Winlogon Notify: efcyaxy - C:\Windows\SYSTEM32\efcyaxy.dll
O20 - Winlogon Notify: efeee - C:\Windows\system32\efeee.dll
O20 - Winlogon Notify: iifeebx - C:\Windows\SYSTEM32\iifeebx.dll
O20 - Winlogon Notify: opnnmlk - C:\Windows\SYSTEM32\opnnmlk.dll
O20 - Winlogon Notify: rqrspqq - C:\Windows\SYSTEM32\rqrspqq.dll
O20 - Winlogon Notify: xxyvvus - C:\Windows\SYSTEM32\xxyvvus.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CCProvSP - TODO: <Company name> - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ccprovsp.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195 (NetMsmqActivator) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Ewok2040 (Junior Member with 26 posts, thread starter; Join Date: Feb 2007; Experience: Intermediate)
26-Feb-2007, 02:34 AM #2
Help plz....Safe mode only boot that works
Not sure what happened but I was trying to fix popup virus and it stopped booting in normal mode and everything I do will not work.....even tried system restore any help would be great.... here is my hijack log

Logfile of HijackThis v1.99.1
Scan saved at 12:54:19 AM, on 2/26/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Deviltoes\Desktop\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\Windows\system32\opnnmlk.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\Windows\system32\brjtnfgc.dll (file missing)
O2 - BHO: (no name) - {E9D8E652-0DAB-4637-BE8E-E14438E76390} - C:\Windows\system32\efeee.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Winsystem] C:\Windows\system32\winsystem16.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\RunServices: [Winsystem] C:\Windows\system32\winsystem16.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\efeee.dll,CreateProtectProc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.adobe.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{45BE4A00-14D4-4410-A8B4-B07D60936120}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: cbxxxvt - C:\Windows\SYSTEM32\cbxxxvt.dll
O20 - Winlogon Notify: efcaxvw - C:\Windows\SYSTEM32\efcaxvw.dll
O20 - Winlogon Notify: efccyvu - C:\Windows\SYSTEM32\efccyvu.dll
O20 - Winlogon Notify: efcyaxy - C:\Windows\SYSTEM32\efcyaxy.dll
O20 - Winlogon Notify: efeee - C:\Windows\system32\efeee.dll
O20 - Winlogon Notify: iifeebx - C:\Windows\SYSTEM32\iifeebx.dll
O20 - Winlogon Notify: opnnmlk - C:\Windows\SYSTEM32\opnnmlk.dll
O20 - Winlogon Notify: rqrspqq - C:\Windows\SYSTEM32\rqrspqq.dll
O20 - Winlogon Notify: xxyvvus - C:\Windows\SYSTEM32\xxyvvus.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CCProvSP - TODO: <Company name> - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ccprovsp.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195 (NetMsmqActivator) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Byteman (Bill) (Moderator & Malware Removal Specialist with 17,399 posts, authorized to help remove malware; Join Date: Jan 2002; Location: NY)
26-Feb-2007, 03:20 AM #3
Hi, I've merged your two threads to one, we allow you only one thread to work in for the same issue, please continue all replies etc here...someone will help you but it may not be until morning, US time...

I can't help and there are not many who can with a Vista OS, so be patient.

I'm not sure if Vista would allow a boot in Safe Mode with networking but restart and try that, it allows use of the Internet. Log onto your usual account.

Try this:

http://www.mwti.net/products/mwav/mwav.asp < download

http://www.msspl.co.in/products/mwav/mwav.asp

It's compatible with 32 and 64 bit Vista....
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it

Last edited by Byteman; 26-Feb-2007 at 11:47 AM..

Ewok2040 (Junior Member with 26 posts, thread starter; Join Date: Feb 2007; Experience: Intermediate)
26-Feb-2007, 03:49 AM #4
solved boot issues
somehow it fixed itself...will post new thread with new probs

Byteman (Bill) (Moderator & Malware Removal Specialist with 17,399 posts, authorized to help remove malware; Join Date: Jan 2002; Location: NY)
26-Feb-2007, 11:19 AM #5
Hi, I don't think that problem fixed itself- what did you do, scan with antivirus?

Last edited by Byteman; 26-Feb-2007 at 11:46 AM..

Ewok2040 (Junior Member with 26 posts, thread starter; Join Date: Feb 2007; Experience: Intermediate)
26-Feb-2007, 02:46 PM #6
lol...thought prob was fixed
i dont get y this is happening but when i plug in my power cord i can get into windows "normal" mode but when i unplug my power cord,even when windows is running i get the fatal blue screen....so as long as im plugged in i get windows otherwise i get safe mode only...........and if neone can help i have mundo virus winsystem16.exe but it does not exist as file...so im lost...if neone can help that would b great

Byteman (Bill) (Moderator & Malware Removal Specialist with 17,399 posts, authorized to help remove malware; Join Date: Jan 2002; Location: NY)
26-Feb-2007, 03:48 PM #7
Hi,

We need you to rename the file hijackthis.exe to tool.exe and run it again and post a log.

You have an infection (Vundo, not mundo) that can hide files from Hijackthis.


Also, download this and do the following:

Download and run VundoFix: Vundo Fix
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task (your version may not have this option just continue to run VundoFix).
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log



1. Please download The Avenger by Swandog46 to your Desktop.
  • Right Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop so avenger.exe shows on your Desktop.

We will use Avenger later, don't do anything with it yet!

Last edited by Byteman; 26-Feb-2007 at 04:46 PM..

Flrman1 (Mark) (Member with 46,322 posts; Join Date: Jul 2002; Location: Thomasville, NC)
26-Feb-2007, 09:43 PM #8
You have started three threads for this same problem. DO NOT start another new thread for this same problem. You need to continue this HERE in this thread. Make ALL posts regarding this matter in this thread. Continue posting all replies here until Byteman declares that you are finished here.
__________________
If I have helped solve your problem, please Click Here and make a donation to help keep this great site running. 100% goes directly to this site.

Ewok2040 (Junior Member with 26 posts, thread starter; Join Date: Feb 2007; Experience: Intermediate)
27-Feb-2007, 03:26 AM #9
VundoFix V6.3.9

Checking Java version...

Scan started at 12:07:26 AM 2/27/2007

Listing files found while scanning....

C:\Windows\System32\cbxxxvt.dll
C:\Windows\System32\efcaxvw.dll
C:\Windows\System32\efccyvu.dll
C:\Windows\System32\efcyaxy.dll
C:\Windows\System32\iifeebx.dll
C:\Windows\System32\opnnmlk.dll
C:\Windows\System32\rqrspqq.dll
C:\Windows\System32\xxyvvus.dll

Beginning removal...

Attempting to delete C:\Windows\System32\cbxxxvt.dll
C:\Windows\System32\cbxxxvt.dll Has been deleted!

Attempting to delete C:\Windows\System32\efcaxvw.dll
C:\Windows\System32\efcaxvw.dll Has been deleted!

Attempting to delete C:\Windows\System32\efccyvu.dll
C:\Windows\System32\efccyvu.dll Has been deleted!

Attempting to delete C:\Windows\System32\efcyaxy.dll
C:\Windows\System32\efcyaxy.dll Has been deleted!

Attempting to delete C:\Windows\System32\iifeebx.dll
C:\Windows\System32\iif

my screen went blank and i thought it was done after like 15-20 mins but i guess it wasnt. after i restarted my comp and checked the log and seen that it hadn't finished so i ran it again "vundofix" and it did not find nething....and here is my hijack log

not sure y it says "unknown windows" for platform in hijack but it is vista

Logfile of HijackThis v1.99.1
Scan saved at 2:24:07 AM, on 2/27/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Deviltoes\Desktop\hijack\tool.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.adobe.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{45BE4A00-14D4-4410-A8B4-B07D60936120}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B85BB4F2-22AF-4429-AD09-B9CE23CD8437}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ljjklkl - C:\Windows\SYSTEM32\ljjklkl.dll
O20 - Winlogon Notify: nnnonki - C:\Windows\SYSTEM32\nnnonki.dll
O20 - Winlogon Notify: pmnmmkk - C:\Windows\SYSTEM32\pmnmmkk.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CCProvSP - TODO: <Company name> - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ccprovsp.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195 (NetMsmqActivator) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
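
Added example, not part of the original thread or written by any poster: a small Python triage script that compares the autostart entries of two HijackThis logs, using lines excerpted from posts #1 and #9 above. It shows which file references disappeared after the VundoFix run, which Winlogon Notify (O20) entries are new in the later log, and which files are registered under more than one autostart section. The function names are hypothetical and the line pattern assumes the HijackThis v1.99.1 layout seen in this thread.

```python
import re
from collections import defaultdict

# Excerpts copied from the HijackThis logs posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\Windows\system32\opnnmlk.dll
O2 - BHO: (no name) - {E9D8E652-0DAB-4637-BE8E-E14438E76390} - C:\Windows\system32\efeee.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\efeee.dll,CreateProtectProc
O20 - Winlogon Notify: cbxxxvt - C:\Windows\SYSTEM32\cbxxxvt.dll
O20 - Winlogon Notify: efeee - C:\Windows\system32\efeee.dll
O20 - Winlogon Notify: opnnmlk - C:\Windows\SYSTEM32\opnnmlk.dll
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O20 - Winlogon Notify: ljjklkl - C:\Windows\SYSTEM32\ljjklkl.dll
O20 - Winlogon Notify: nnnonki - C:\Windows\SYSTEM32\nnnonki.dll
O20 - Winlogon Notify: pmnmmkk - C:\Windows\SYSTEM32\pmnmmkk.dll
"""

# "<section> - <body>", where section is R0-R3 or O1-O23.
ITEM_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
# First drive-qualified path ending in .dll or .exe inside the body.
PATH_RE = re.compile(r"([A-Za-z]:\\[^,\"]*?\.(?:dll|exe))", re.IGNORECASE)


def autostart_refs(log_text):
    """Return {lower-cased file path: set of section codes that reference it}."""
    refs = defaultdict(set)
    for line in log_text.splitlines():
        item = ITEM_RE.match(line.strip())
        if not item:
            continue  # header lines, process list, blank lines
        path = PATH_RE.search(item.group("body"))
        if path:
            # Windows paths are case-insensitive: SYSTEM32 and system32 are the same.
            refs[path.group(1).lower()].add(item.group("section"))
    return dict(refs)


def multi_hooked(log_text, min_sections=2):
    """Files registered under several autostart sections (e.g. BHO and Winlogon Notify)."""
    refs = autostart_refs(log_text)
    return sorted(p for p, sections in refs.items() if len(sections) >= min_sections)


def diff_logs(before, after):
    """Classify referenced files as removed, persisting, or added between two logs."""
    b, a = autostart_refs(before), autostart_refs(after)
    return {
        "removed": sorted(set(b) - set(a)),
        "persisting": sorted(set(b) & set(a)),
        "added": sorted(set(a) - set(b)),
    }


def new_in_section(before, after, section="O20"):
    """Files that the later log references in `section` and the earlier log does not mention."""
    b, a = autostart_refs(before), autostart_refs(after)
    return sorted(p for p, sections in a.items() if section in sections and p not in b)


if __name__ == "__main__":
    print("multi-hooked before:", multi_hooked(LOG_BEFORE))
    for kind, paths in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(kind, paths)
    print("new Winlogon Notify entries:", new_in_section(LOG_BEFORE, LOG_AFTER))
```

Run against the full logs, the same comparison lists every entry that changed between the Safe Mode scan and the scan made with the renamed tool.exe, which is the set a helper would review before the next removal pass.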

Ewok2040 (Junior Member with 26 posts, thread starter; Join Date: Feb 2007; Experience: Intermediate)
27-Feb-2007, 03:30 AM #10
also avenger will not run on my system......not supported by vista only win2000 and xp

Byteman (Bill) (Moderator & Malware Removal Specialist with 17,399 posts, authorized to help remove malware; Join Date: Jan 2002; Location: NY)
27-Feb-2007, 07:20 PM #11
Hi, Hijackthis: sometimes it shows unknown, sometimes it shows Vista, but it still works fairly well- it will be updated to cover things in time.


Please follow the same steps and run VundoFix again:
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task (your version may not have this option just continue to run VundoFix).
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log