1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

I reckon i have a virus!

Discussion in 'Virus & Other Malware Removal' started by Dudeofthed, Sep 21, 2008.

Thread Status:
Not open for further replies.
  1. Dudeofthed

    Dudeofthed Thread Starter

    Joined:
    Jun 24, 2007
    Messages:
    187
    Hey guys, recently i had posted on this forum about my Taskbar disappearing, but i managed to resolve that issue by having to download a tool called VundoFix to remove that virus (i think you can tell what i had by that name :p Trojan.Vundo). It managed to remove it successfully.

    But now, Microsoft Update doesn't work! I can't manage to resolve this issue, i've tried Google and various support websites as-well (none posted on), but no avail. The error code i am receiving is: 0x800704DD. As soon as i press the "Express" or "Custom" button to update, i receive that error.

    My operating system is Windows XP under the Service Pack 2.

    So, do you guys know how to possibly fix or give suggestions to this issue? If so, please reply.

    I have included a HiJack This log for further information:
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:41:31 PM, on 2008-09-21
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\xampp\apache\bin\apache.exe
    C:\Program Files\Borland\InterBase\bin\ibguard.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\xampp\mysql\bin\mysqld-nt.exe
    C:\xampp\apache\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\Borland\InterBase\bin\ibserver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\G-VGA.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\PROGRA~1\MYWEBS~1\bar\6.bin\m3SrchMn.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\TuneUp Utilities 2008\Integrator.exe
    C:\Documents and Settings\daniel.COLLISCLAN\Desktop\HiJackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
    O2 - BHO: (no name) - {238A8CCF-0682-4933-A93E-A86AE52A7A0C} - (no file)
    O2 - BHO: (no name) - {3C69C08B-DB2C-40BC-9AB0-F46CCD055BC3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {8B6CC697-82AB-4702-A05E-6639F0AB3DEf} - (no file)
    O2 - BHO: (no name) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {917368D6-B8EB-4A4D-94DA-0ECED7F22B59} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {C4B8FA27-ED88-48B5-832E-69BCC7838C39} - (no file)
    O2 - BHO: (no name) - {EB9B8D90-8021-4000-A0B6-906183BE3AFD} - C:\WINDOWS\system32\byXQJbAR.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\6.bin\m3SrchMn.exe" /m=0
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [firefox.exe] C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
    O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000(3)
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
    O8 - Extra context menu item: AMV convert tool grab multimedia file - C:\Program Files\MP3 Player Utilities 5.02\AMVConverter\grab.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?e0efccabf0384a3fba7d1989f15bcae5
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?e0efccabf0384a3fba7d1989f15bcae5
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\hide my ip 2007\proxyfilter.dll
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Fashion Star\Images\stg_drm.ocx
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187954707025
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194367743765
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Paradise Pet Salon\Images\armhelper.ocx
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by22fd.bay22.hotmail.msn.com/activex/HMAtchmt.ocx
    O20 - Winlogon Notify: App Management - C:\WINDOWS\
    O20 - Winlogon Notify: cbXQigGV - cbXQigGV.dll (file missing)
    O20 - Winlogon Notify: cbXRJayW - cbXRJayW.dll (file missing)
    O20 - Winlogon Notify: hgGyvvtq - hgGyvvtq.dll (file missing)
    O20 - Winlogon Notify: iifeDurQ - iifeDurQ.dll (file missing)
    O20 - Winlogon Notify: iiFVlljk - iiFVlljk.dll (file missing)
    O20 - Winlogon Notify: ljJYSkkh - ljJYSkkh.dll (file missing)
    O20 - Winlogon Notify: nnnkIcaX - nnnkIcaX.dll (file missing)
    O20 - Winlogon Notify: nnnlmLdd - nnnlmLdd.dll (file missing)
    O20 - Winlogon Notify: opnmJccY - opnmJccY.dll (file missing)
    O20 - Winlogon Notify: pmnmjjj - pmnmjjj.dll (file missing)
    O20 - Winlogon Notify: rqRIaBSi - rqRIaBSi.dll (file missing)
    O20 - Winlogon Notify: vtUollKE - vtUollKE.dll (file missing)
    O20 - Winlogon Notify: wvUlkLdC - wvUlkLdC.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
    O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\6.bin\mwssvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    
    --
    End of file - 12971 bytes
     
  2. Dudeofthed

    Dudeofthed Thread Starter

    Joined:
    Jun 24, 2007
    Messages:
    187
  3. Dudeofthed

    Dudeofthed Thread Starter

    Joined:
    Jun 24, 2007
    Messages:
    187
    -Bump-
    Goes to search for another support website
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/751897

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice