
Help with trojans please!


Name: brocolli
Date: September 18, 2006 at 19:39:32 Pacific
OS: xp sp2
CPU/Ram: intel/1gig
Product: misc parts
Comment:

I have a trojan. I have tried searching for it and going through the registries. I can't find it! I think I've downloaded every good spyware program to help me find it.

My explorer keeps crashing. I have gone through my hijackthis log and got rid of other things, and it still crashes. I really don't want to reimage this machine before I get a new HD. =( Please help!

I ran spysweeper, it said I had 3 or 4 different high risk trojans, but when I looked up how to remove them, there was nothing in the registries or any files that would normally be in those viruses. I'm at a loss. =(

I have my hijackthis log if needed.




Response Number 1
Name: Dave426
Date: September 18, 2006 at 20:10:34 Pacific
Reply:

The HijackThis log would be good yeah, also, you said you had all the good anti-spyware apps, how about anti-virus? What do you have? Anti-spyware programs are probably not going to cut it when it comes to virus and trojans.



Response Number 2
Name: brocolli
Date: September 18, 2006 at 20:32:14 Pacific
Reply:

hijackthis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Common Files\AOL\1149058279\ee\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Emily\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nGDIrA] C:\windows\system32\nGDIrA.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" -quiet
O4 - Global Startup: D-Link AirPlus.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

For anti-virus, I had ZoneLabs for a while.. AVG, and a couple random ones I uninstalled after a bit...



Response Number 3
Name: murr
Date: September 18, 2006 at 21:18:34 Pacific
Reply:

Go to "C:\windows\system" folder and check for the presence of these files.

"SCANREG.VBS"
"VBASET.OLB"
"MSINFO16.TLB"



Response Number 4
Name: brocolli
Date: September 18, 2006 at 22:18:44 Pacific
Reply:

None of those files are in the system folder.. =(

Thank you though. I appreciate the help a lot. =)



Response Number 5
Name: murr
Date: September 18, 2006 at 22:44:14 Pacific
Reply:

Run this online scan from Panda http://www.pandasoftware.com/produc...

Once completed, there will be a scan log. Post that log here along with a fresh 'HJT' log.





Response Number 6
Name: XpUser4Real
Date: September 18, 2006 at 23:19:57 Pacific
Reply:

send an IM to Jabuck, he's the best in this forum and make sure you tell him the subject of your post as well as the post number and the forum it's in. He'll get you goin pretty quick!

Hopefully my advice will help you...Please post back with your results....thanks



Response Number 7
Name: brocolli
Date: September 18, 2006 at 23:20:23 Pacific
Reply:

Panda scan:

Incident Status Location

Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UDC6_0001_D18M1108NetInstaller.exe
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Hacktool:rootkit/zaqt.a Not disinfected hkey_local_machine\system\currentcontrolset\services\DP1112
Adware:adware/memorywatcher Not disinfected Windows Registry
Adware:adware/navhelper Not disinfected Windows Registry
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.com.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.seeq.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.target.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[server.iad.liveperson.net/hc/660188]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[stats.drivecleaner.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Emily\Application Data\Mozilla\Firefox\Profiles\izobar3v.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Emily\Cookies\emily@atwola[1].txt

I'll post the HJT log when I reboot. I'm in safe mode with networking now. =/



Response Number 8
Name: Bob (by BigBob)
Date: September 19, 2006 at 03:55:00 Pacific
Reply:

Start with removing these entries:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52.

Run ATF Cleaner
Reboot to safe mode and re-scan with HJT


" Please Post back to let us know if we helped "



Response Number 9
Name: brocolli
Date: September 19, 2006 at 21:59:12 Pacific
Reply:

Here's the new hijackthis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Documents and Settings\Emily\Desktop\HijackThis.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nGDIrA] C:\windows\system32\nGDIrA.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" -quiet
O4 - Global Startup: D-Link AirPlus.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Good news!! I ran Spysweeper and it found a DP1112 file that is part of the Virtumonde virus... I deleted it out of the registry and the device manager, and now I have my browser back!!!

I found this on the internets:
http://wiki.castlecops.com/Vundo_Ro...


I did fix those ProtocolDefault files in hijackthis, Bob. But they won't delete. They just populate when I scan again. =(

Thanks for everyone's help.. I really appreciate it! I'm going to get back to deleting stuffs.. Thanks again!
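
The before/after check described in this post (fixed O15 entries showing up again on the next scan), written out as an added example that is not part of the original thread. The function names and the three sample blocks are assumptions made for illustration; the sample lines are short excerpts constructed from the two HijackThis logs above.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O15 - ProtocolDefaults: ...".
# Process-list lines (plain paths) and headers do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[ROFN]\d{1,2}) - (?P<detail>.+)$")

def parse_hjt(log_text):
    """Return the set of (code, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("detail")))
    return entries

def check_fixes(before, after, fixed):
    """Compare two scans against the entries that were 'fixed' in between."""
    b, a, f = parse_hjt(before), parse_hjt(after), parse_hjt(fixed)
    return {
        "removed": sorted(f - a),            # fix held
        "regenerated": sorted(f & a),        # fixed, but back in the next scan
        "not_in_first_scan": sorted(f - b),  # fix list does not match the log
        "new": sorted(a - b),                # appeared between the two scans
    }

# Constructed excerpts of the first and second logs in this thread.
SCAN_1 = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...
"""

SCAN_2 = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...
"""

# Entries ticked for removal between the two scans (constructed from the same lines).
FIXED = r"""
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...
"""

if __name__ == "__main__":
    for bucket, items in check_fixes(SCAN_1, SCAN_2, FIXED).items():
        print(bucket)
        for code, detail in items:
            print(f"  {code} - {detail}")
```

Entries listed under "regenerated" are the ones to follow up on, since a fix that does not survive a rescan has not actually removed whatever is reporting or rewriting that setting.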



Response Number 10
Name: Bob (by BigBob)
Date: September 20, 2006 at 03:47:36 Pacific
Reply:

Turn off system restore then remove these entries,

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

Then download and run Ewido in safe mode

" Please Post back to let us know if we helped "

